

NETWORKWORLD 


Clear  Choice  Test 

VoIP  analysis  tools 

ClearSight’s Analyzer wins our test of six VoIP analysis tools for the second year running. PAGE 55.

Net management in Interop spotlight


BY  DENISE  DUBIE 

Hot technologies, such as VoIP security and wireless, will get their share of attention at this week’s Interop conference in New York City but it is the often-overlooked area of network management that could steal the show.

Vendors will swarm the event to demonstrate new products that go beyond basic device- and link-monitoring and focus on application performance management in particular. The estimated 7,000 attendees will take in sessions such as “Are traditional network management tools irrelevant for converged networks?” and “Why is network management cool again?”

Vendors with network management expertise now more than ever are putting application-centric metrics and intelligence in their products, industry watchers

See Interop, page 16


Inside  Interop 

With  20  years  under  its  belt,  the  Interop  conference  has  seen 
more  than  1  million  attendees  walk  its  floors  since  1986.  Here 
is  what’s  on  tap  this  week  in  New  York  City: 

• Event planners expect 7,000 attendees, up 40% over last year's inaugural Interop New York event, held in December. Some 18,000 attended Interop Las Vegas in May.

• About 150 vendors will be represented at the show, which features 100 educational sessions, including tracks on data centers, wireless and mobility, network access control, and VoIP and collaboration.

• Keynote speakers range from Juniper Chairman and CEO Scott Kriens [...] President and CEO John Swainson and Mark Bregman, executive vice president and CTO at Symantec.

• New is the Web 2.0 Summit, which show planners say is designed to help IT be more responsive and customer-facing as user demands for access to more information rise.

Follow along with our daily updates from the show, www.nwdocfinder.com/5114


Open  source  VoIP 
makes  the  grade 


Texas  university  replaces 
Cisco  CallManagers,  Nortel 
PBXs  with  Linux-based  VoIP 
and  messaging  servers. 

BY  PHIL  HOCHMUTH 

Some organizations consider taking the plunge off Big Iron PBX platforms into IP telephony as pretty daring, but that’s nothing compared with what Sam Houston State University is doing. The south Texas school is moving thousands of users off a Cisco VoIP platform to an open source VoIP network based on Asterisk.

SHSU is in the process of moving 6,000 students, faculty and staff off Cisco CallManager IP PBX and a legacy Nortel Meridian PBX and on to Linux servers running Asterisk, which includes call processing, voice mail and public switched telephone network (PSTN) gateway functionality.

The driver for this project was cost, said Aaron Daniel, senior voice analyst at the school.

“We thought it would be more cost effective in the long run to go with an open source solution because of the massive amounts of licensing fees required to keep the Cisco CallManager network up and running,” said Daniel, who last week gave a presentation on his migration project at the VON show in Boston.

See Sam Houston, page 65

More from VON: Regulation could stifle video innovation, speaker warns. Page 10.


Federal  agencies 
scramble  to  meet 
security  deadline 

BY  ELLEN  MESSMER 

Two years ago President George Bush ordered the federal government to be ready by this Oct. 27 to issue a standards-based identity card that federal employees and government contractors would use for computer and building access.

The intention of the order, known as the Homeland Security Presidential Directive 12 (HSPD-12), was to usher in a new generation of encryption-based smart cards with biometrics and photos to be used government-wide for physical and logical access. The Personal Identity Verification (PIV) program, as it’s come to be called, has federal agencies scrambling to issue PIV identity cards by the deadline, but it is unclear if they will be able to meet that goal.

For one, the $104 million HSPD-12 services contract, awarded last month by the General Services

See PIV, page 14


[...] seven [...] with 70 types of [...] for accuracy and performance. FaceTime’s RTGuardian appliance came out on top.

See results, Page 51


N.Y.C. awards $500M broadband wireless pact

■ In a blow to Motorola, New York City last week selected rival Northrop Grumman for a five-year, $500 million contract to provide a broadband wireless network for first responders. Just a day after the nation reflected on the fifth anniversary of the Sept. 11, 2001, terrorist attacks, city officials announced they had hired Northrop Grumman to upgrade their mobile wireless network with high-speed data and video capabilities. The new network will support all of the city’s public safety agencies including police, fire and transportation. Northrop Grumman will provide a mobile broadband wireless network using technology from IPWireless of San Bruno, Calif., that supports the Universal Mobile Telecommunications Systems standards. Other subcontractors on Northrop Grumman’s team are Sprint Nextel and Transvideo Communications, which will supply spectrum, and Cisco, which will provide switches and routers.


Court  sentences  two  men 
in  Zotob  worm  case 

■ A court in Morocco last week sentenced 19-year-old Farid Essebar to two years in prison, and 21-year-old Achraf Bahloul to one year in prison on charges related to writing computer viruses, illegal access to computers and conspiracy to commit computer fraud. The two students were found guilty for roles they allegedly played in unleashing the Internet Zotob worm last year that affected companies including CNN, The New York Times, Walt Disney, Kraft Foods and DaimlerChrysler.


FTC  pulls  plug  on  four 
spam  operations 

■ The Federal Trade Commission has shut down four illegal e-mail spamming operations, including one that offered the opportunity to “date lonely wives,” the agency said last week. Two of the other operations hijacked the computers of third parties and used them to spam customers with sexually explicit e-mail, the FTC said. The FTC charged the four operations with violating the CAN-SPAM Act. Cleverlink Trading and its partners will relinquish $400,000 in spam-related gains to settle FTC charges. In a second case, the FTC charged Zachary Kinion with sending spam hawking adult sites, mortgage rates and privacy software, and paying other spammers commissions to send spam messages for him. Another spam operation used spam zombies — computers used without their owners’ knowledge — to conceal the source of sexually explicit spam. The fourth operation used spam to drive traffic to Web sites by third parties, the FTC said.

FBI  floats  wiretapping  proposal 

■ Foreign Internet service and applications providers would be required to base the servers they use for U.S. customers inside the country, under a proposal from the U.S. Department of Justice. The department and its FBI division are taking that message to Congress and asking lawmakers for a broad rewriting of U.S. wiretapping rules. Some members of Congress, however, have criticized the Chinese government for a similar law requiring Internet providers to locate their servers inside China’s borders, saying it allows the Chinese government to censor and monitor Internet traffic. The Department of Justice proposal, which would amend a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act, intends to allow the U.S. government easier access to servers so it can monitor communications.

Intel,  Siemens  team  on  secure  VoIP 

■ Intel and Siemens have agreed to collaborate in the development of new enterprise communication systems using VoIP technology. The world’s largest chip maker and the German industrial conglomerate will fund and conduct research focused on secure wireless networks and real-time communications using VoIP technology, they said last week. The goal is to develop VoIP-based systems based on Intel’s dual-core chips and rack-mounted servers and on Siemens’ HiPath 8000 and OpenScape telecom technology. The companies plan to demonstrate the first wave of their findings at an undisclosed Intel laboratory by year-end. Siemens is transferring its telecom and enterprise communications manufacturing operations to new joint ventures, including one with Nokia.

State  could  indict  HP  officials 

■ The state of California is investigating the actions of HP officials and the private investigators they used in an internal probe of the company’s board of directors. The state has enough evidence to indict people within HP and contractors outside the company, confirmed Thomas Dressier, a spokesman for California Attorney General Bill Lockyer. Lockyer is working with Massachusetts officials to pursue the case, according to a spokeswoman for the Massachusetts attorney general’s office. HP has acknowledged that, to discover the source of press leaks about board deliberations, it hired a private investigation firm to pose as suspected board members and journalists to convince the phone company to disclose private phone records. This is a practice known as pretexting. HP announced last week that CEO Mark Hurd will replace Patricia Dunn as board chairman in January; Dunn had ordered the investigation. (See related story, Page 31)


TheGoodTheBadTheUgly

Read the very fine print. Xerox scientists have developed a font so small that you need a magnifying glass to read the words. The font is 1/100th of an inch high and is designed to help make birth certificates and other valuable documents harder to forge.

Dell: Share the blame. Dell disclosed Monday that it might have to restate recent earnings statements because of discoveries made by the Securities and Exchange Commission, prompting company founder and chairman Michael Dell to defend his embattled chief executive, Kevin Rollins. "We run the company together, so if you want to blame somebody, you can blame me too," Dell said.


Sun releases servers, workstations

■ Sun last week announced additions to its server and workstation lines with the Sun Fire and Sun Ultra. The company debuted Sun Netra blade servers and claimed a nearly 20% performance improvement for its Sun Fire workgroup servers. They will use Sun’s UltraSPARC IIIi processors and Solaris operating system. Sun said its new Ultra 25 Workstation produces a 300% increase in performance. It comes preinstalled with Solaris 10, Sun Studio, Sun Java Studio Creator and Sun Java Studio Enterprise. The company also said its Sun Fire T1000 system provides 23% greater availability and as much as 300% better performance for disk operations. Sun said it soon will announce new Sun Fire systems based on the Rev F version of Advanced Micro Devices’ Opteron processor.

“We thought that it will be more cost effective in the long run to go with an open source solution, because of the massive amounts of licensing fees required to keep the Cisco CallManager network up and running.”

Aaron Daniel, senior voice analyst at Sam Houston State University

See story on page 1


DDoS getting worse. According to a new survey of 55 network operators, the distributed denial-of-service attack problem is getting worse (disclaimer: the survey was conducted on behalf of a company that sells anti-DDoS products). Particularly worrisome is the size of the attacks, which are getting into the 1Gbps to 10Gbps range, according to 35 of the respondents. See story at www.nwdocfinder.com/5115


Former Novell head quits board

■ Novell’s former Chairman and CEO Jack Messman, who was ousted from those positions in June, has quit the company’s board of directors a month and a half earlier than had been previously announced. Messman quit Novell’s board Sept. 11, a company spokesman confirmed last week. In June, Novell said Messman would remain on its board until Oct. 31. Novell made a brief 8-K filing to the Securities and Exchange Commission stating that Messman told the board Sept. 8 that he would resign from the board effective three days later. “This was just a personal decision by Jack,” the Novell spokesman wrote in an e-mail. “If there had been any substantive disagreement with the board leading to his resignation, we would have had to state that in the SEC filing.”

Carriers unite for next-gen services

■ Some of the world’s biggest cellular operators have gotten together to promote their vision of what next-generation mobile technology should look like. Sprint Nextel, Vodafone, China Mobile Communications, Orange, NTT DoCoMo, KPN and T-Mobile International announced last week they have formed the Next Generation Mobile Networks initiative. NGMN, a nonprofit group based in London, won’t push a particular type of network but rather a set of guidelines that future technologies should follow, says Steve Falk, vice president of global standards at Sprint. “We think that we can speak with a more organized and concerted voice than we have in the past,” he says. Vendors and standards organizations had stronger voices in the development of 2G and 3G systems. Carriers will represent the interests of their customers, the end users, he says.


Oldies  but  goodies 

Thanks to the miracle of YouTube, you can once again see the classic 'Net video of the cube dweller destroying his PC when it doesn't work — and a sequel showing what happens when the PC fights back. Find out more at www.nwdocfinder.com/5198.


PEERSAY 

From  our  online  forums 

■  Getting  a  Cisco  security 
box  to  work.  User  smilersvay 
recently  bought  a  Cisco  ASA 
5510  Adaptive  Security 
Appliance.  Now  he  needs  help 
configuring  it  to  allow  Internet 
and  e-mail  access  to  his  users. 
Suggestions  welcome  at 
www.nwdocfinder.com/5187 

■ Patricia Dunn’s resignation. Many bloggers criticized not just her actions but the way HP let her stay on its board of directors. One NetworkWorld.com user, however, took the contrary view, saying she should be congratulated for trying to discover who was leaking information about the company. What do you think?
www.nwdocfinder.com/5194

■ Dealing with users. In the forum on our story on what users say about IT professionals, one IT manager replies: “Most times, users just nod and smile when I make a request, then go ahead and do what they want to anyway. Surfing Myspace, installing any old program, putting files in MyDocuments, changing data directories with drop and drag, twiddling with printer settings. It’s really a problem with management discipline.”
www.nwdocfinder.com/5199

■ Resolving a wireless issue. Seems some folks are having problems getting internal Dell wireless cards to work with Linksys wireless routers. One user says he came up with a fix after talking to support at both companies: “I noticed that the Linksys router was using Channel 6 on the wireless link. I took a look at the different channels and the frequencies that each one uses. I decided to use 11 and ‘boom!’ It worked like a charm.”
www.nwdocfinder.com/5101

■ Asterisk ready for prime time? One user thinks the open source IP PBX is not ready for the enterprise because it has no secretarial multiuser support. Another user says it's easy enough to find a tandem solution for that. What do you think?
www.nwdocfinder.com/5112

BLOGOSPHERE

‘Stalker-ish’  and  ‘creepy’ 

Plus:  Dell’s  limits,  vicious  PCs  and  IT  stereotypes 


Facebook may have gone a step too far with personal information, writes columnist Linda Musthaler: “It seems that Facebook just started amplifying the embarrassing tidbits of information by publishing information as news feeds. When a guy breaks up with his girlfriend, it can be published as a news headline to his Facebook buddies. This is done without the guy’s permission. The new media has hit a new low. Facebook subscribers call the new headline format ‘stalker-ish’ and ‘creepy!’” www.nwdocfinder.com/5106

The PC bites back. Executive Editor Adam Gaffin has been watching videos online again. This time he pulls out an oldie but a goodie — in which a guy takes out his frustration on his poor PC — but also links to the sequel, where the PC has its day. www.nwdocfinder.com/5108

Study in IT stereotypes. News Editor Paul McNamara relates the results of a survey that indicates the basic stereotypes about IT people and the clothes they wear are in full effect. As McNamara says, “An appealing portrait this is not.” Especially the bit that says, “IT workers are 32% less likely to wear clean clothes every day of the week than business managers.” www.nwdocfinder.com/5109

Dell has limits to customization. Note to vendors: Never inconvenience the friend of a blogger. Lab Alliance member James Gaskin writes in his blog that his friend ordered a desktop and a Zip drive from Dell — but the company wouldn’t install the drive in the box. www.nwdocfinder.com/5107


Hot  Seat  interviews,  the  coolest  tools,  and  more 


Hot Seat: A Better NAC plan than Cisco? StillSecure CEO Mitchell Ashely says his company offers greater interoperability and broader security than Cisco.
www.nwdocfinder.com/5195

Cool Tools: Not driving him crazy. Keith Shaw shows off some really cool in-car gadgets that make the driving experience easier for gadget fans.
www.nwdocfinder.com/5196

From the lab: IPS pitfalls to avoid. Lab Alliance's David Newman gives you an in-depth look at our intrusion-prevention systems that were tested, and some of the hurdles to look for when evaluating IPS for your own network.
www.nwdocfinder.com/5197


ASK  THE 

HELPDESK  Find  the  answers  to  these  prickly  problems  online. 

This  week:  Essential  tools  for  trips  to  remote  offices. 


Help  desk  guru  Ron  Nutter  helps  a  user  travel 
light  —  by  highlighting  the  most  essential 
tools  for  those  trips  to  remote  offices. 

Help  Desk  response: 
www.nwdocfinder.com/5102 

The  experts  at  the  Wireless  Vulnerabilities  and 
Exploits  project  explain  the  differences 
between  WPA  and  WPA2  encryption. 


Help  Desk  response: 
www.nwdocfinder.com/5103 

Storage newsletter writer Mike Karp looks at disaster planning five years after Sept. 11. Are you ready? He looks at a tool to make RSS generation easier.

Help Desk response:
www.nwdocfinder.com/5105

Should VPN be combined with VoIP?

Plus:  WAN  tech  tips; 
exploding  servers. 

VPNs: There are practical reasons for combining VPN technology with VoIP, but the blend imposes security on the VoIP signaling and the packets carrying the voice packets themselves. Senior Editor Tim Greene examines the pros and cons of carrying voice over VPNs.
www.nwdocfinder.com/5188

Convergence: Analysts Steve Taylor and Larry Hettick share advice from an expert about considerations when looking for a hosted VoIP service.
www.nwdocfinder.com/5189

Security strategies: How will your organization cope with unfavorable news? Will you delay responses to legitimate questions? Suppress the truth? Or will you focus on clear, timely answers to the questions? M.E. Kabay reports.
www.nwdocfinder.com/5190

Servers: YouTube is a cornucopia of video mastery and Senior Editor Deni Connor spent some time seeking out some of the hilarious, cringeworthy and downright nasty home videos of some servers and their long-suffering administrators. Read, watch and wonder just what goes on in other people’s data centers.
www.nwdocfinder.com/5191

Network optimization: Netcordia CEO Terry Slattery shares his tech tips with Senior Editor Denise Dubie. He discusses how to determine routing origins.
www.nwdocfinder.com/5192

Video over IP the next battleground


VON Founder Jeff Pulver warned show attendees in Boston last week that possible FCC moves could hinder legitimate IP video content development


BY  TIM  GREENE 
AND  PHIL  HOCHMUTH 

BOSTON  —  The  scope  of  the 
Voice  on  the  Network  conference, 
which  was  staged  for  the  first  time 
10  years  ago  to  fight  regulations 
stifling  development  of  VoIP  was 
broadened  in  Boston  last  week  to 
include  video  over  IB  and  the 
early  fight  might  be  about  regula¬ 
tion  all  over  again. 

VON  founder  Jeff  Pulver  said 
he  expects  the  FCC  to  push  reg¬ 
ulations  that  might  be  well- 
intentioned  but  nevertheless 
have  the  effect  of  hindering  the 
growth  of  Internet  video  just  as 


it  is  taking  hold. 

He  pointed  to  comments  at  VON 
by  FCC  Commissioner  Deborah 
Tate  that  the  FCC  probably  will 
consider  regulations  to  ban  child 
pornography  on  the  Internet. 
Those  regulations  could  restrict 
the  development  of  legitimate 
content,  he  said.  “1  consider  it  a 
warning  shot,”  Pulver  said. 

The  experience  VON  founders 
gained  by  lobbying  Congress  and 
testifying  before  the  FCC  to  pro¬ 
tect  VoIP  from  phone  regulations 
will  help  with  this  new  battle,  he 
said. “The  VON  coalition  will  take 
people  through  the  stages  of 


what’s  going  to  happen,”  he  said. 

VONs  success  and  the  prolifera¬ 
tion  of  VoIP  have  gone  hand  in 
hand.  This  year  the  show  drew 
nearly  10,000  people  to  the 
Boston  Convention  Center,  a  far 
cry  from  the  240  people  who 
attended  the  first  VON  10  years 
ago  at  a  hotel  in  the  Soho  section 
of  New  York  City  While  this  year 
Pulver  looked  ahead  to  the  com¬ 
ing  of  video  over  the  ’Net,  most  of 
the  products  and  services  in  show 
booths  still  focused  on  VoIP  with 
security  a  key  theme. 

During  seminars  on  the  topic, 
users  were  urged  to  build  securi¬ 
ty  into  their  VoIP  plans  rather 
than  trying  to  tack  it  on  later.  For 
instance,  speaker  Vincent  Kasa- 
bian,  senior  network  engineer  at 
Liberty  Mutual,  said  VoIP  secu¬ 
rity  is  a  fundamental  part  of  the 
network  because  the  company’s 
wireless  LANs  (WLAN)  were  in¬ 
stalled  to  support  mobile  voice. 

Just as corporate security experts have worried that wireless data networks are vulnerable to attackers and eavesdroppers, so they should worry about VoIP over Wi-Fi calls being picked up, he said. “There are certainly security concerns.”

The company separates voice from data on its wired network via virtual LANs, he said. This helps protect VoIP from data infrastructure attacks that monopolize bandwidth, he said.

Liberty Mutual has two WLANs, one based on 802.11a and one on 802.11g. “The idea is that the 802.11a radios provide more data throughput, while the 802.11g radios are dedicated to voice only,” Kasabian said. “I can have separate security policies on the 802.11g radios vs. the 802.11a radios.”

The data wireless network already uses the 802.11i standard, which includes encryption and port authentication. “We’ll soon be migrating to 802.11i for voice as well,” he adds.

Vendors are starting to recognize the importance of encrypting VoIP traffic to protect confidentiality. For example, BorderWare announced at the show it is licensing phone-to-phone authentication encryption software from Zfone, a company founded by Phil Zimmermann, the inventor of Pretty Good Privacy data encryption software. The plan, BorderWare said, is to integrate the software with its SIPAssure firewall.

VPN hardware maker KoolSpan said it has a deal with ruggedized PDA vendor mobID to embed KoolSpan’s VPN encryption technology in mobID’s ruggedized handheld computers that support VoIP. All transmissions from mobID’s devices could be encrypted. The devices are used primarily by the military to scan fingerprints, faces and voices to determine whether a person is a terrorist. They also communicate back to central locations.

Such security concerns are warranted given the proliferation of tools that help hackers, said another VON speaker, Mark Williams, vice president of Tactical Security, a company that advises and trains businesses in IT security.

Tools meant to analyze traffic can zero in on real-time protocol packet streams for eavesdropping or be copied to files that can be listened to later, he said. Voice over Misconfigured IP Telephony is a tool designed specifically to do this, but the analyzer Cain can do the same and has recently been updated with a VoIP-specific tool. Similarly, Wireshark captures traffic and, via a more cumbersome route, produces the same results. “Every tool can be misused,” Williams said.

Although VoIP is likely to dominate at VON for some time, Pulver said video over IP will grow rapidly and drive innovation and spending. As video on demand replaces traditional TV, the technology will lend itself to more sophisticated technologies for selling products.

It  is  possible,  for  instance,  to 
code  a  video  so  a  viewer  could 
run  a  cursor  over  the  shirt  an 
actor  is  wearing  and  right  click  on 
it  to  find  out  more  about  it  and  left 
click  to  buy  it,  Pulver  said. 

Advertisers could tap the demographics of all viewers and personalize advertisements that come along with video content. “It’s totally intrusive, but trust me, it could happen,” he said.

At the same time, sharing similarities with TV networks could attract the attention of government entities that tax and regulate network franchises.

The FCC, which regulates broadcast and cable television, might try to regulate these personal networks as well because they are “TV-like,” he said. “There are ways to fight this,” he added. “Don’t let regulation get in the way of your innovation.”


Editor in Chief John Dix notes how VON officials are looking to the future with voice over IP. Page 38.


Web  services  techs 
set  free  by  Microsoft 

BY  JOHN  FONTANA 

SANTA CLARA - In a move mostly designed to open up its identity infrastructure, Microsoft said last Tuesday that it would drop intellectual-property and patent claims to 35 Web services protocols it has developed and make them available license-free for anyone to use.

At  IDG’s  annual  Digital  ID  World  conference,  the  company  quietly 
issued  the  Microsoft  Open  Specification  Promise  (OPS),  which  gives 
developers  free  access  to  many  of  the  Web  services  protocols  Microsoft 
has  developed  over  the  years. 

The protocols include the current versions of protocols in the WS-* security stack and those that are used as the foundation for the company’s year-old Identity Metasystem infrastructure and its InfoCard and companion CardSpace technologies.

The announcement was posted on the blog of Kim Cameron, Microsoft’s identity architect, at www.nwdocfinder.com/5185. It included endorsements from third-party rivals, such as Red Hat. Cameron and colleague Mike Jones worked to get OPS approved in the executive and legal ranks at Microsoft. Bob Muglia, senior vice president of Microsoft’s server and tools business, and Microsoft’s patent lawyers signed off on the OPS document Tuesday.

Cameron wrote on his blog: “The goal was to find the simplest, clearest way of assuring that the broadest possible audience of developers could implement specifications without worrying about intellectual-property issues — in other words, a simplified method of sharing ‘technical assets.’”

OPS  is  a  legal  document  that  hinges  on  a  promise  not  to  assert  (that 
is,  enforce  patents).  It  is  self-executing,  meaning  developers  don’t 
have  to  sign  anything  to  use  the  protocols.  Similar  legal  documents 
not  to  assert  rights  over  patents  have  been  used  recently  by  IBM,  Sun 
and  Oracle.  OPS  is  similar  to  another  promise  not  to  assert  patents 
that  Microsoft  made  last  year  regarding  its  Office  2003  XML 
Reference  Schema. 

There is no doubt, however, that Microsoft’s OPS will be subjected to interpretation and scrutiny over certain provisions, such as the fact that it covers only current versions of the protocols and reserves commitments on future iterations. Nonetheless, Microsoft hopes OPS aligns closely with open source licensing.

“This is a significant step forward,” says Jamie Lewis, Burton Group president and CEO. “Microsoft has been talking consistently about want-

See  Microsoft,  page  12 


Symantec, Juniper unite on security

BY ELLEN MESSMER

Juniper Networks and Symantec last week announced they have formed a broad strategic partnership that includes product development in areas of unified threat management, intrusion-prevention systems and endpoint compliance.

Scott Kriens, chair and CEO of Juniper, and John Thompson, chair and CEO of Symantec, said Juniper will take the lead in building hardware appliances, with Symantec providing software-based antivirus and antispam content filtering. The partnership ends Symantec’s struggle to develop appliance-based hardware that is the foundation for Symantec Gateway Security (SGS) products.

“Customer hardware development was not our forte,” Thompson said.

Jeremy Burton, group president of security and data management at Symantec, indicated that the company will provide customer support for SGS appliances for the next three years or so, with content updates. “But we won’t materially enhance the features sets,” he said. When customer contracts expire, Symantec will recommend a “comparable Juniper box,” he said.

For  Juniper,  the  partnership  that  brings 
together  the  marketing,  sales  and  engineering 
teams  of  the  companies  is  expected  to  lead  to 
the  development  of  new  UTM  appliances, 
especially  for  service  providers. 

Hitesh Sheth, vice president of enterprise products and solutions at Juniper, said the company’s Secure Services Gateway line of UTMs is for enterprises and carriers. While Symantec provides only antispam content filtering for Juniper UTM appliances, its antivirus content filtering will be added in the future. Future UTM products developed with Symantec will rely on Juniper’s firewall and IPS technology, he said.

In addition, the firms will collaborate on developing new endpoint security software, starting with licensing Juniper’s 802.1x supplicant software to Symantec.

The strategic partnership is not exclusive, however, and Juniper and Symantec do not foresee changes associated with vendor partners that already exist. For instance, Kaspersky Lab is an antivirus software provider on Juniper security gear.

Gartner analyst John Pescatore said the underlying motivation behind the Juniper-Symantec partnership appears to be “the enemy of my enemy is my friend” — that enemy being Cisco.

Other UTM news includes a partnership agreement being announced this week between Crossbeam Systems and Internet Security Systems (ISS) to collaborate on a carrier-class UTM appliance.

According to Clarence Morey, director of market development at ISS, and Throop Wilder, vice president of marketing at Crossbeam, the companies will work together on a high-end device that carriers, wireless providers and ISPs could use to provide managed IPS services.

The UTM appliance, expected out later this quarter, would be based on virtual-domain technology and IPS filtering from ISS integrated into a Crossbeam-built box.


Microsoft 

continued  from  page  10 

ing to see not only interoperability but functional equivalency for its identity technology on other platforms.”

While licensing was the major hurdle, lesser details also have to be worked out, including the meta models and schema that Microsoft used to implement its own identity technology, such as InfoCard and CardSpace. Microsoft has not reached decisions about how that will be accomplished.

“The protocols alone do not give you functional equivalency,” Burton Group’s Lewis says. “But clearly Microsoft is serious about seeing the functional equivalency of CardSpace moving beyond the Windows platform, and this is a huge step that changes the context of these discussions.”

One of the immediate changes is that any independent software vendor now can freely develop client interfaces and back-end components that are interoperable with Microsoft’s Identity Metasystem, which was introduced last year.

Unlocking IP chains

Microsoft last week said it would cut intellectual property and patent claims to 35 Web services protocols it has developed for security and identity management.

WS-Addressing
WS-AtomicTransaction
WS-BusinessActivity
WS-Coordination
WS-Discovery
WSDL
WSDL 1.1 Binding Extension for SOAP 1.2
WS-Enumeration
WS-Eventing
WS-Federation
WS-Federation Active Requestor Profile
WS-Federation Passive Requestor Profile
WS-Management
WS-Management Catalog
WS-MetadataExchange
WS-Policy
WS-PolicyAttachment
WS-ReliableMessaging
WS-RM Policy
Remote Shell Web Services Protocol
WS-SecureConversation
WS-Security: Kerberos Binding
WS-Security: SOAP Message Security
WS-Security: UsernameToken Profile
WS-Security: X.509 Certificate Token Profile
WS-SecurityPolicy
SOAP
SOAP 1.1 Binding for MTOM 1.0
SOAP MTOM / XOP
SOAP-over-UDP
WS-Transfer
WS-Trust
WS-I Basic Profile
Web Single Sign-On Interoperability Profile
Web Single Sign-On Metadata Exchange Protocol

The major focus is on InfoCard and the user interface built on that technology, called CardSpace, which is slated to ship with Vista later this year. CardSpace presents users with an identity selector, basically a palette of secure identity cards that can be used to authenticate to various network resources or Web sites.

Under OPS, third parties can develop their own user interfaces similar to CardSpace, free from contractual obligations, and provide an identity client on any platform and interoperate with the Identity Metasystem back-end infrastructure.

The open source Higgins Project, begun last year by IBM, Novell and a handful of academics, plans to use the protocols as part of its ongoing work to create a software framework that makes it easier for IT to integrate identity systems.

OPS also opens access to protocols such as WS-Trust, the foundation for the back-end infrastructure of Identity Metasystem. That infrastructure hinges on Microsoft’s Security Token Service, a lightweight gateway based on WS-Trust for servers and clients that negotiates the exchange of security tokens, such as Kerberos or the Security Assertion Markup Language.

Some of the 35 protocols Microsoft has singled out have passed through the standards process, mainly at the Organization for the Advancement of Structured Information Standards, which does not require vendors to relinquish their intellectual-property rights. The OPS, however, applies in either case. Some have been approved by OASIS; others have not been submitted to a standards process.

Many  of  the  35  protocols  were 
developed  in  conjunction  with 
IBM,  which  has  made  a  similar 
move  to  free  intellectual-property 
constraints  on  the  protocols.  IBM 
is  building  many  of  the  protocols 
into  its  open  source  Eclipse 
framework.

PIV

continued  from  page  1 

Administration (GSA) to systems integrator BearingPoint to provide PIV enrollment services and identity cards, is up in the air. Competitors Lockheed Martin, Xtec and Electronic Data Systems filed legal protests two weeks ago. When a contract is protested — a common occurrence in the world of government — the work usually stops. But not this time.

To meet the Oct. 27 deadline, the GSA — designated by the White House Office of Management & Budget (OMB) last year as the executive agent for governmentwide acquisitions of HSPD-12-related IT — is plowing on.

The GSA says BearingPoint has been instructed to go ahead as planned and open PIV enrollment centers in Washington, D.C., New York, Atlanta and Seattle.

“The whole intent is to improve the security of the U.S.,” says Michel Kareis, PIV program manager at the GSA. “The GSA is setting these centers up as a shared services solution so agencies don’t have to set them up on their own.”

Kareis says she expects about 400,000 government employees to get their PIV cards from these services by appearing in person with proof of identity, and have their photo and fingerprints taken.

The GSA, which hopes to see the government resolve the protests against BearingPoint by the end of the month, intends to add 100 service centers in the United States, probably at government-owned facilities that it runs.

Under the OMB guidelines, federal agencies have to acquire the PIV products and services from GSA-approved lists, and high-tech contractors have been lining up seeking approval.

That process requires vendors to have products tested in government labs to see if they meet technical requirements, says Scott Price, group senior vice president in General Dynamics’ IT group. General Dynamics was approved in July as an HSPD-12 system provider.

Defining the PIV technology has been no small matter. Two years is scant time to establish government standards and conformance testing of products, including smart cards, readers, biometrics, middleware and public-key encryption.

A short history of Personal Identity Verification cards

The deadline is looming for agencies to meet a presidential mandate issued in 2004.

August 2004: President Bush issues Homeland Security Presidential Directive (HSPD-12) mandating federal agencies be prepared to issue a standards-based identity card for physical and logical access control by Oct. 27, 2006.

February 2005: The National Institute of Standards and Technology issues Federal Information Processing Standard 201 (FIPS 201) and later establishes the NIST Personal Identity Verification (PIV) program to test and validate PIV components and subsystems.

August 2005: The White House Office of Management & Budget issues implementation guidance for federal departments and agencies, and in June designates the General Services Agency (GSA) as the executive agency for government-wide acquisitions of IT related to HSPD-12.

August 2006: The GSA sets up the HSPD-12 Managed Services Office as a source to acquire FIPS 201-compliant equipment, software and services in order to leverage the collective buying power of the government.

But the National Institute of Standards and Technology (NIST) has issued the necessary standard, known as the Federal Information Processing Standard 201, and lined up about a dozen labs to test FIPS 201 conformance for vendor PIV products.

These third-party test facilities include Atlan Laboratories, BKP Security Labs, BT Cryptographic Module Testing Laboratory, Coact, Cybertrust’s ICSA Labs and InfoGard Laboratories.

But here, too, it is down to the wire, because the labs aren’t yet officially accredited. “The labs are in a probation period,” says Bill MacGregor, NIST PIV program manager, about the dozen facilities undergoing the accreditation process. MacGregor says he expects the process to be finalized by the end of the month.

In the meantime, NIST is publishing prevalidation product lists that include offerings from Oberthur Card Systems, Gemalto (formerly Gemplus), ActivIdentity, SETECS, ImageWare Systems, Sagem and RSA Security. “In the middleware testing, we basically define an API for commercial products for PIV cards,” MacGregor says.

Ed MacBeth, senior vice president for marketing and business development at ActivIdentity, says the NIST test-validation process has involved a “self-certification process” that entails running products — such as ActivIdentity’s ActivClient, which is smart-card middleware — through testing process and procedures that NIST has published.

“It’s like submitting a drug for approval by the FDA,” MacBeth says. “You exhibit your results.”

The NIST test regimen won’t involve testing every line of code in PIV applications, because this isn’t required under the FIPS 201. “FIPS 201 doesn’t standardize on back-end interfaces,” MacGregor points out.

The NIST PIV standard is based on the most recent ANSI card and biometrics standards. The FBI has been testing the fingerprint biometrics conformance in PIV products in FBI labs.

The whole PIV technical effort constitutes “a makeover of the marketplace,” MacGregor says, adding that the government PIV push should bring interoperability to smart-card-based identity management. “Much of the biometrics products have been based on proprietary matching methods and storage methods,” he points out.

The PIV cards, readers and middleware should allow for “government card portability,” MacGregor says. The goal is that any PIV card that’s good at one agency should be able to be used in any PIV application at another agency that’s PIV-compliant to the extent that applications define themselves closely by middleware.

But will the gear be interoperable? To find out, NIST last May invited PIV product vendors to NIST headquarters in Gaithersburg, Md., to discuss their products and demonstrate how well they worked together.

About four dozen companies supplying PIV cards, enrollment and identity management systems, issuance and printing, contact readers, contactless readers and physical-access control systems, PKI and biometrics showed up.

According to MacGregor, a month-long examination left him fairly optimistic. However, he noted it did prompt NIST to release a short “interoperability definition” of two pages defining further card-to-reader recommendations.

How PIV is to connect into any legacy systems is outside the scope of the FIPS 201 standard and will have to be addressed by agencies and their vendor partners, MacGregor says.

The Department of Defense, which over several years has issued millions of its own Common Access Cards (CAC), which are not FIPS 201-compliant, won’t have to meet the Oct. 27 deadline the same way other agencies must. That’s because the Defense Department, along with a handful of other agencies, including the Department of Veterans Affairs (VA), has received special exemption from the OMB, though it must submit a plan for migration.

But the Defense Department is expected to add FIPS 201 support to the CAC card in order to share necessary identity data with PIV applications. “Defense Department would be the first to admit they are not compliant with FIPS 201, but they’re working toward it,” says Tom Greco, vice president at Cybertrust, which is providing public-key infrastructure and certificate management as part of the BearingPoint team.

Handheld  reader 

Some vendors are building products to support the Defense Department and FIPS 201-based cards. CoreStreet, for example, last week announced Pivman System, a handheld mobile device intended as a PIV and Defense Department card reader to be used by government personnel responding to emergencies.

“If there’s a disaster or emergency, there will be a lot of people going to the scene to render help,” says Phil Libin, CoreStreet’s president. “The question is, who gets admittance?”

The Pivman handheld device can be used to check identity of personnel based on the holder’s PIV card, with authentication provided directly through Pivman and with additional information stored in remote databases that can be accessed over a Wi-Fi or General Packet Radio Service network.

If needed, the Pivman mobile device can supply information obtained from back-end databases about the card holder based on role, such as firefighter or medical personnel. The Department of Homeland Security is said to be testing the Pivman System.

ActivIdentity, whose card-management software supports the CAC and the Government Smart Card Interoperability Standard, an earlier government standard said to be used in a half-million smart cards at the VA, views PIV as an evolution.

“PIV establishes a rigorous process for identity verification,” MacBeth says. PIV also will touch the private sector, such as Northrop Grumman, because government contractors will have to use it, he points out. But it’s uncertain how quickly it would be adopted by companies in the private sector not falling under the HSPD-12 mandate.

The transition from any older technologies used for physical or logical access is going to be a slow process, according to many.

“It can’t all be done on Day One,” MacGregor says. “There’s a transition that has to occur, and it will take a long time to move from older magnetic-strip cards that some agencies use for physical access to PIV.”


This mobile device is able to check the identity of emergency personnel at the scene.

say, because network managers now are also responsible for application performance.

“Network management has been evolving away from managing the network on a component or device level, to managing it as a delivery system for application services,” says Dennis Drogseth, a vice president with Enterprise Management Associates. “The network team is being called upon to troubleshoot and prevent application performance problems, because the network touches applications and applications can be scattered across a distributed network in pieces.”

Vendors  add  app  intelligence 

Network General is debuting its Network Intelligence Suite, which couples its Visualizer 4.2 products with NetVigil 4.2 software from Fidelia (acquired in February). The company also is announcing a series of Business Forensics packages, which use Visualizer and NetVigil software, along with analysis and intelligence on specific technologies, such as VoIP. Network Physics also is using Interop to air its latest offerings, which it says are better now at managing VoIP, SAP and other applications (see story, page 29).

NetVigil 4.2 installs in a Linux environment with a SQL database on the back end; Visualizer 4.2 is a probe that installs at various points on the network. Network General says Fidelia’s technology lets customers group elements and manage them across an infrastructure as a service, instead of having to tackle performance problems with distributed network protocol analysis tools.

Barney McCauley, principal IT specialist for the Sacramento Municipal Utility District in California, says the combination of Network General probe technology and NetVigil software lets his team monitor traffic between two data centers and optimize his network to best support both locations. He tested a beta version of the suite and liked what he saw.

“We were looking for a way to see the traffic in real time and historically so we could make sure we had not moved too much network traffic from one data center to the other,” McCauley says. “We will now be able to track the network volumes with NetVigil and using the Visualizer reporting, we can determine the application protocols that were the source of the traffic.”

Pricing  for  NetVigil  4.2  starts  at 
$55,000.  Visualizer  4.2  costs 
about  $45,000. 

Newcomers  widen  scope 

Also at Interop, Groundwork Open Source and Splunk will show off versions of their flagship products with dashboard, reporting and performance enhancements to provide IT managers in enterprises and small and midsize businesses (SMB) a more complete network-management alternative to products from BMC Software, CA, HP and IBM.

“Reporting is one of the features in management products that you can never have enough of. Customers need to get real-time, historical, trend, analysis and business-impact data in their reporting,” says Cameron Haight, a research vice president at Gartner.

Groundwork, for instance, added customizable, executive dashboard capabilities to its product and integrated Eclipse’s BIRT (Business Intelligence and Reporting Tools) open source reporting engine into its GroundWork Monitor 5 software line. The software runs on a Linux server with memory in disk, and has real-time status views, historic trend reporting and an alerting system. The company provides three flavors of its monitoring software: a free-for-download open source version, an SMB version tailored for organizations with a maximum of 50 servers or networked devices to monitor, and a professional version priced at $16,000 per year for larger enterprise deployments.

Groundwork customer Sam Lamonica, IT director at general contracting and engineering company Rudolph & Sletten in Foster City, Calif., previewed the software and says it looks promising. He points to such features as performance trending, which lets his team collect and analyze past data by “running a report,” and syslog processing that “allows us to centralize syslog in a single location for ease of management.”

Yet more work could be done, he says. “While this version is a big improvement over the old one, we’d still like to see an easier-to-use GUI,” he says. “There are just too many different tabs to work with in the program, and things are hard to find among all these tabs.”

Groundwork also will unveil its Network Management Suite, the features of which — autodiscovery, network mapping and network protocol analysis — Groundwork Monitor Professional customers can take advantage of. The add-on costs $9,000, and all upgraded and new GroundWork products are scheduled to be available in mid-October.

For its part, Splunk increased the search capabilities in its flagship software, letting IT managers find data across servers at distributed locations. Splunk 2.1 software, which runs on Linux, Unix (including Solaris) and Mac OS X operating systems, searches for management data across logs, message queues, configuration files, SNMP traps and database transactions to more quickly correlate events that could be related to a failure — events that network managers typically would have to search for manually.

The company also added a Web-based administration interface to its management software. Splunk 2.1 pricing begins at $2,500 per year.

Also at the show, newcomer Uplogix plans to showcase its Envoy Network Resource Manager 3.0 appliance, which manages devices and systems and doesn’t depend on the network for connectivity. It collects data that provides insight into device health, and logs user interactions with devices to ensure compliance.

Envoy plugs into the console port of devices at remote offices. One appliance can manage four to 32 devices per location. The distributed appliances work with management software, prepackaged on a Dell server and installed in the main data center. ■


Switch,  router  vendors  line  up  products 


BY  PHIL  HOCHMUTH  AND  TIM  GREENE 

Foundry Networks and Citrix are two companies planning to use Interop to launch application acceleration tools.

Foundry plans to announce a server offload device; Citrix will launch boxes designed to speed up WAN links; and Adtran and StillSecure will introduce LAN switch and network access control (NAC)-based security gear.

Foundry’s ServerIron 4G switch is designed to sit in front of Web and application servers and speed up client access by offloading some security and network functions. The device can take over SSL encryption duties from a Web server and provide server load balancing at Layers 4 and 7, Foundry says.

The device includes Web application firewall capabilities, which let it drop connections associated with suspicious behavior, such as incorrect data repeatedly entered into Web forms. It has four 100/1000Mbps copper or fiber ports, and starts at $12,000.

Citrix is announcing two appliances in its WANScaler family with improvements that speed up WAN performance by reducing the number of bits that have to cross the connection. The 8000-series WANScaler devices, unlike devices in the earlier 6000 series, have disk storage, which is used to store traffic. That makes it possible to scan larger data sets for repetitive blocks that can be replaced by tokens that are sent over the link instead of the bits themselves. Citrix says the use of tokens can reduce traffic by as much as 3,500-to-1.

Foundry's ServerIron 4G includes four Gigabit Ethernet ports and SSL processing offload.

The high-end WANScaler 8800 for data centers supports 50,000 simultaneous connections and has an 850GB hard drive. It is priced from $40,000 to $94,000 depending on the size of the WAN link it supports, from 10M to 150Mbps. The WANScaler 8500 has a 160GB drive and costs $8,500 to $45,000 depending on the size of the links, from T-1 to T-3.

Citrix also is upgrading software for its NetScaler appliances, which front-end Web servers and speed up transactions. Outfitted with the new software, a single appliance can support as many as 15,000 servers and divide them into service groups. That means if a single service is supported by multiple servers, the appliance can represent the servers through a single IP address.

It also can rewrite HTTP headers on inbound and outbound traffic to mask details about internal network addressing from those accessing servers via the Web. Citrix has added server load balancing for Session Initiation Protocol servers, a feature NetScaler appliances lacked before.


Adtran  is  announcing  two  sets  of  managed 
switches  for  small  offices. 

The NetVanta 3448 is a multiservice access router that includes a router, eight-port 10/100Mbps switch, firewall and optional IPSec VPN support and Power over Ethernet (PoE). The box, which replaces the NetVanta 3200, supports two T-1 WAN links as well as 56Kbps and ADSL2+ asymmetric-DSL connections. It costs $1,045. PoE support will be available for $345 in the fourth quarter.

Enhanced VPN capabilities cost $395 extra. The switch also supports QoS. The new NetVanta 3430 is the same platform without the switch; it costs $895.

Adtran also will announce the 3100 family of NetVanta fixed-port routers. They include a firewall, IPSec VPN, support for 802.1X authentication and QoS. The 3120 is a four-port switch with a 10/100Mbps WAN port and an analog modem. It costs $645. The 3130 router is the same, but has a DSL WAN port; it costs $595. ■
Cisco, Microsoft effort only a first step


“It’s always ‘add all these things together and it will be interoperable,’ which is really just them saying ‘you must install two separate policy servers to do the job that one was able to handle previously.’”

Joel Snyder, senior partner, Opus One


BY  JOHN  FONTANA 

A long-awaited first pass at demonstrating interoperability between network access control components from Cisco and Microsoft only underscores the complexity of the task that remains and the need to involve more vendors, experts say.

The good news, they add, is that the cooperation building between these industry giants should benefit most of those organizations that have built their infrastructures around Microsoft and Cisco products.

“The interoperability is important based on who the players are, but it is hard to get excited about two vendors patching together their proprietary hardware and software,” says Andrew Braunberg, senior analyst for information security at Current Analysis. “We are no closer to open standards for network access control.”

Openness is being pushed by the Trusted Network Connect (TNC) group, which is working on a set of open NAC specifications within the Trusted Computing Group (TCG) industry association, and by the IETF’s Network Endpoint Assessment (NEA) working group. Microsoft is a member of both groups and says it plans to focus more on those efforts after completing its initial work with Cisco. Cisco is not a member of TCG, but does work within the NEA.

At IDG’s recent Security Standard conference, the companies put on a demonstration involving integrating Cisco’s Network Admission Control (C-NAC) and Microsoft’s Network Access Protection (NAP) frameworks. They also released a white paper and announced plans for a private beta later this year.

“They have some form of interoperability but you still end up with a proprietary architecture that is tied down to their business interests,” says Steve Hanna, co-chair of the TNC group, which in May released final specifications for building an open standards-based NAC system. Hanna says the goals are adoption, greater functionality and compatibility and compliance testing.

Observers say interoperability gains by Cisco and Microsoft are only small steps forward, because they center on consolidation around agent protocols used to provide data on the health of network endpoints, not around the frameworks themselves.

The two vendors specifically pointed out that customers would have to deploy the Cisco Secure Access Control Server and the Microsoft Network Policy Server for the initial interoperability release.

“It’s always ‘add all these things together and it will be interoperable’ which is really just them saying ‘you must install two separate policy servers to do the job that one was able to handle previously,’” says Joel Snyder, a senior partner with consulting firm Opus One and a member of the Network World Lab Alliance. “It just complicates things at a time when they could have gotten simpler,” he adds.

Snyder says one good outcome may be simplicity on the client side, with Microsoft taking responsibility for the client-side agent and APIs.

The two vendors say a single agent, which will ship with the Vista client operating system and Longhorn Server, will operate across the Cisco and Microsoft platforms and be used by third parties to tie their systems into the architecture. Cisco will continue to develop its Trust Agent to support non-Microsoft platforms, and Microsoft will make available APIs so third parties can develop cross-platform agents.

“We still think this admission control is in its early days,” says Mark Ashida, general manager for enterprise networking at Microsoft. He says Microsoft plans to offer licensing on all the protocols in the NAP architecture. “We are working on a licensing program to recreate the NAP implementation.”

Ashida bristles at the notion that Microsoft’s NAP is a closed architecture, citing standard protocols that it takes advantage of such as RADIUS.

“I feel strongly that among the many things I have seen at Microsoft, this is about the most open,” he says. “And through licensing we want to make it more open, but it is not open source.”

Cisco officials concur that the Microsoft relationship is a work in progress, but say the fact they have licensed each other’s protocols will provide flexibility in meeting customer demands.

“This means if customers come to Cisco and say, we want your RADIUS server to support these NAP features, then we can build that in,” says Bob Gleichauf, vice president for the security technology group at Cisco. He says future development will head towards policy. “You are going to see a lot of companies innovating around policy controls, and over time you will see a richness of development in that area.”

While that may be the future, observers say what customers have now from Cisco and Microsoft is white-paper-thin until Microsoft ships Vista and Longhorn.

“We are at a point where we have some interesting ideas on paper,” says Rob Ayoub, analyst for network security with Frost & Sullivan. “We are still a long way from productizing all this.”

He says those products will complicate the picture further, because NAC contains a lot of pieces that network administrators have never seen before. “If you are completely a Cisco and Microsoft shop, this might work OK, but if you have other pieces, that is where the real challenges will come in.”

Separately and within their own architectures, however, Cisco, Microsoft and the TNC group are making progress in solidifying their NAC platforms.

This week, Interop Labs will hold the second of its two NAC tests on the three architectures at the fall Interop conference in New York. In May’s first round of testing, all three platforms showed interoperability with third-party products designed specifically for their architectures.

For the next round, Cisco is coming in with a partner community of nearly 100 and nearly 1,000 customer deployments, and Microsoft is bringing solid partner support despite delays in Vista and Longhorn. TNC for its part has realized strong vendor uptake across its range of NAC specifications. ■


Industry  giants  talk  about  NAC 


Cisco and Microsoft recently revealed how they are working toward interoperability between Cisco’s Network Admission Control and Microsoft’s Network Access Protection technologies. The companies used The Security Standard conference last week in Boston to detail how — when Microsoft’s Vista sees widespread adoption and Longhorn Server ships at the end of 2007 — customers will be able to use a jointly developed API to integrate Microsoft systems with, for instance, Cisco’s Access Control Server.

At the conference, Network World Senior Editor Denise Dubie caught up with Bob Gleichauf, CTO of Cisco’s Security Technology Group, and Mark Ashida, general manager of Windows Networking at Microsoft, to learn more about why the companies joined forces on security and what’s in store for future collaborations.

Explain  a  bit  how  Cisco  and  Microsoft  technologies  working  together 
will  ultimately  help  customers. 

Gleichauf: These technologies have been designed to be much more transparent, because they are trying to just get a basic assessment to figure out what category you fit in: fully compliant, partially compliant, risk or dangerous, as an example; those are arbitrary definitions to which policy could be written. Then you can start assigning network access based on that and the remediation process based on that, if that is appropriate. Automating that process frees up administrative time for other tasks.

Did  you  find  customers  uncomfortable  with  the  level  of  automation  the 
interoperability  between  the  products  poses?  If  yes,  how  did  you 
address  it  in  the  technology? 

See  NAC,  page  27 
IT budgets, salaries going up in

Most  IT  executives  also  expect  level  or  rising  headcounts,  survey  finds. 


BY  CAROLYN  DUFFY  MARSAN 

IT budgets, staffing and salaries are expected to increase again in 2007, according to a survey of CIOs and other IT executives that is set to be released this week.

The survey will be discussed at the annual meeting of the Society for Information Management (SIM), an association of 3,000 CIOs, IT executives and academics. SIM’s meeting, which will focus on using technology to drive business value, will be held in Dallas.

In  its  annual  survey,  SIM  found 
that  85%  of  CIOs  expected  their 
IT  budgets  to  rise  or  hold  steady 
in  2007.  Similarly,  80%  said  their 
2006  IT  budgets  had  increased 
or  held  steady  compared  with 
2005  levels. 

“It’s continuing to look positive for IT in terms of career opportunities, salaries and investment,” says Jerry Luftman, a professor and associate dean for graduate IS programs at Stevens Institute of Technology in Hoboken, N.J., who conducted the survey.

What keeps you up at night?

Top management concerns of CIOs.

1. IT and business alignment.

2. Attracting and retaining IT professionals.

3. Security and privacy.

4. IT strategic planning.

5. Project management capability.

SOURCE: SOCIETY FOR INFORMATION MANAGEMENT SURVEY OF 139 CIOS/IT EXECUTIVES

Luftman says SIM members are accurate at predicting future budgets. “Last year, 20% of folks projected that their IT budgets would be cut this year, and that result was spot on,” he says.

In terms of staff, 72% of CIOs predicted that their IT head count would stay the same or rise in 2007. This result is consistent with the 72% of CIOs who said their IT head count actually did stay the same or rise from 2005 to 2006.

Luftman pointed out that last year CIOs predicted a larger rise in IT head count for 2006, with 83% of respondents predicting that staffing levels would stay the same or rise.

“The trend is still going up, which is good, but it’s not going up quite as much as IS executives were pushing for,” Luftman explains.

In terms of salaries, 71% of CIOs predicted that their IT staff would see raises in 2007, while 20% said salary levels would stay the same as 2006.

This compares with 74% of CIOs reporting raises for their IT staff in 2006 and another 23% seeing salaries hold steady.

“This  is  a  good  story,  with  97% 
of  IS  executives  saying  that  their 
salaries  are  the  same  or  better 
than  a  year  ago,”  Luftman  says. 
“Historically,  they  are  pretty 
good  at  projecting  salaries  for 
the  next  year.” 

The survey finds that more CIOs report to the CEO of their companies, up to 45.2% this year from 42.6% last year. CIOs also are holding on to their positions longer, with the average tenure being 3.6 years, up from two years in the early 2000s.

“I’d like to see [tenure] over five years so that CIOs can have a stronger impact on the business,” Luftman says.

Offshore outsourcing remains an issue but not a big one. CIOs said that 3.3% of their 2007 IT budgets would go to offshore outsourcing, compared with 2.7% in 2006. On average, CIOs said that 4% of their IT budgets were allocated to offshore outsourcing in 2006.

Web services topped the list of the CIOs’ top technology developments. A newcomer to the list, Web services bested business intelligence and security technologies, which came in at Nos. 2 and 3.

This year’s SIM survey attracted 139 written responses from CIOs and IT executives who belong to the group. ■


SecureWave  touts  unified  GUI  in  Sanctuary  upgrade 


BY  JOHN  COX 

SecureWave this week is scheduled to release a new version of its Sanctuary software suite, which is designed to control user access to laptop applications and storage devices.

In the 4.0 release, both of the Sanctuary programs, Application Control and Device Control, can be managed from a common GUI. In the past, they had to be managed separately.

Now network administrators have a single console that lets them integrate data from both. With the integrated console, and some new and expanded reports, administrators can relate a user’s activities with a specific application to specific CD-ROM, USB drive or other portable memory devices.

Changes include simpler administration of centralized encryption policies, more efficient data exchanges between the Sanctuary client and server programs, and the ability to audit any changes made to a client by someone with administration privileges.

SecureWave's new Sanctuary 4.0 offers this unified management console, so administrators can customize views of what's happening on enterprise laptops and PCs, with both application files and peripheral devices.

Both  Sanctuary  applications  essentially 
create  whitelists  of  authorized  applications 
and  devices  on  an  enterprise  PC.  If  they 
aren’t  on  the  list,  the  client  code  will  block 
the  user’s  access  to  them.  The  software  can 
also  keep  a  record  of  a  user’s  activities. 

SecureWave competes with several companies that also offer software to extend enterprise control over PCs and their peripherals, especially laptops that may be used outside a company office. So-called endpoint-security vendors include Safend, SmartLine and Credant Technologies.

Customers typically buy either Sanctuary Device Control or Application Control to start with. The second program can be added by paying the additional license and activating a license key: No additional software installation is needed.

The console GUI has been redesigned to make it easier to navigate the various screens. Reporting has been improved so that administrators can see how a specific storage device associates with different applications, according to Dennis Szerszen, vice president of marketing for the Durham, N.C., outfit. Finally, the Sanctuary program used to view and work with file types has been redesigned to mimic Windows Explorer.

SecureWave plans to add features that expose more details about what users do with data, and eventually allow administrators more detailed control over data access, according to Szerszen.

Enforcing encryption policies is simpler in the new release. In the past, a USB or other device first had to be plugged into a specific PC; only then could that PC’s SecureWave client enforce a rule that data saved to that drive had to be encrypted. Version 4.0 eliminates that step: When a user plugs in certain brands of devices, such as a Lexar USB drive, it can use unique identifier information on the drive to know that it can be encrypted and enforce whatever encryption policy has been decided upon.

Sanctuary 4.0 now also automatically compresses both log entries, which are used for keeping track of activities, and the initial download of the Sanctuary whitelists to the clients. Changes to Sanctuary policies can now be replicated to client devices without having to download the entire policy file. Both of these enhancements are designed to minimize bandwidth demand, according to Szerszen.

Sanctuary 4.0 costs $65 per user. ■
SonicWall targets image-based spam


BY CARA GARRETSON

SonicWall last week announced a new version of the e-mail security-gateway software and appliance it acquired upon purchasing MailFrontier earlier this year.

SonicWall E-mail Security 5.0 includes new ways to trap spam and enhanced compliance features for the content of outbound messages.

Among the new spam-detection features is an image-thumbprinting technology that helps catch image-based spam — e-mail with text messages hidden inside an image that evade traditional spam filters. SonicWall collects feedback from its network of users regarding which of these e-mails with images are spam, and then blocks them accordingly, officials say.

In addition to reporting on image e-mails that are spam, users can report on those that aren’t, therefore reducing the potential for false positives, the company says. The new feature is designed to help large and small organizations get a handle on threats entering their organizations via e-mail. Company officials quote an IDC report that says IT managers now rank spam as the third-greatest threat to their organizations.

On the outbound e-mail end, Version 5.0 includes compliance features that help organizations enforce regulations such as the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act by flagging e-mails that may contain sensitive data protected by these laws. The product uses record ID matching to detect predefined values such as Social Security and credit card numbers, includes predefined dictionaries to match keywords, and includes predefined policies regarding content filtering, officials say.

Version 5.0 also makes it possible to encrypt outbound e-mails using Transport Layer Security or route an e-mail to a third-party encryption provider. An e-mail archiving option, compliance reporting and e-mail auditing also have been added, the company says.

The SonicWall E-mail Security suite is available as a gateway appliance or gateway software, in versions for small and midsize businesses and for enterprises.

Pricing for the software starts at $195, and for the appliance, at $1,395; both require buyers to sign up for an annual subscription to updates. SonicWall competes with e-mail security vendors including Proofpoint, IronPort, CipherTrust, Symantec and Barracuda. In addition to its e-mail security products, the company sells firewall/VPN appliances and content-filtering appliances. ■


EqualLogic rolls out tiered storage


BY DENI CONNOR

EqualLogic last week expanded its product line with iSCSI storage arrays that support tiered storage.

The PS3000 Series Storage Arrays use Serial Attached SCSI (SAS) drives of different speeds and capacities. The PS3800XV uses 15,000-rpm 150GB SAS drives (2.8TB) for the highest performing tier; the PS3600X uses 10,000-rpm 300GB SAS drives (4.8TB) for secondary storage. Combined with 7,200-rpm Serial Advanced Technology Attachment drives, the arrays will now allow for three tiers of storage.

The disks in the PS3000 Series Storage Arrays are fully redundant and hot swappable. Each module has dual controllers and 16 disk drive bays, plus fans and power supplies. They connect to the network with three 1GB Ethernet connections. A management system on the enclosure monitors component status, disk drive health and temperature.

Management software included with the storage array enables configuration and installation, storage-area network virtualization, provisioning and RAID 5, 10 or 50 placement. A phone-home feature is available for automated troubleshooting.

Customers can opt to enable multiway replication for disaster recovery, snapshots for data protection and multipathing I/O support for redundancy.

EqualLogic competes in the iSCSI market with companies such as Nexsan and LeftHand Networks, and with more established array vendors such as EMC and Network Appliance.

The arrays start at $65,000 and are expected to be available in October. ■

The PS3000 array allows tiered storage on Serial Attached SCSI disks and Serial ATA.


Collaboration tool gains VoIP hooks


BY JOHN FONTANA

Real-time collaboration vendor Antepo plans to extend its protocol support in its instant messaging and presence server to open up its back end to more client choices and VoIP options.

With the release of the Rivoli server, the company also is introducing a name change for the platform that was previously called OPN System XT.

The company announced its changes last week at the VON conference in Boston.

Rivoli features native support for the Session Initiation Protocol (SIP) and Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions (SIMPLE). The company is extending that support to include VoIP and presence integration with VoIP.

It also is adding support for Microsoft Office Communicator and Windows Messenger IM clients, and presence integration with SharePoint Server, which Microsoft is expected to ship later this year to corporate customers. Users will be able to see if the author of a file in SharePoint is online and start an IM session with that user. The presence capabilities will extend to Office applications Outlook, Excel and Word.

In addition, the company is supporting white boarding, application sharing and VoIP via the SIP protocol, which supports connections to IP PBX servers.

Antepo is adding support for SIP-based soft phones, including certification of support for Counterpath’s eyeBeam soft phone.

Antepo’s changes are drawing interest from users and existing customers, who say the greater range in client choices will help them extend their systems.

“The external connectors would allow us to add our customers into our instant messaging,” says Alfonso Linares, product systems manager for eRx Networks in Fort Worth, Texas. Linares says the company, which provides third-party claims management and analysis services to the retail pharmacy industry, does not want to dictate software choices for its customers. “Those users won’t have to have the OPN client. They could have GoogleTalk, Yahoo or any client they want.”

Linares says he scrapped a rollout of Microsoft’s Live Communications Server because it lacked a feature for adding groups of users into an IM session.

He is hoping to use that feature to let users join a group from a Web site regardless of the client software they are using.

“We are looking down that road and starting our own development around SIP and looking how that might work for us,” says Linares, who plans to roll out Rivoli after it is released.

Antepo is one of many vendors with SIP support including Microsoft, IBM/Lotus and WiredRed. Major IP PBX vendors have included SIP support within their products, but Antepo continues in Rivoli its support for Extensible Messaging and Presence Protocol, which is supported by Jabber and clients such as GoogleTalk.

Rivoli ties into Microsoft’s Active Directory and runs on Windows. It has versions for Linux, Sun, Solaris and Unix.

The cost for the software is $18 per user. ■

Antepo's Rivoli real-time collaboration server features a management console that can be used to track connections and system performance.
Goat cheese as a metaphor for customer care


Clegg Ivey, a vice president
with  VoIP  company  Voxeo, 
recently  told  me  a  story  about 
a  restaurant  near  the  compa¬ 
ny’s  Orlando  headquarters 
that  was  losing  track  of  what 
made  it  successful. 

The  restaurant’s  food  wasn’t 
something  you  would  go  out 
of  your  way  for,  except  for  a 
goat  cheese  appetizer  that 
Ivey said “was to die for.” The
restaurant  became  a  favorite  of  the  Voxeo 
staff  almost  entirely  because  of  the  appe¬ 
tizer.  But  the  staff  recently  learned  that  the 
menu  had  changed  and  the  goat  cheese 
appetizer  was  no  longer  on  it. 

The  restaurant  had  hired  a  new  chef  who 
wanted  the  menu  to  reflect  his  vision,  not 


the  past  chef’s.  Ivey  told  the 
story  to  point  out  that  it  is  easy 
for  companies  to  ignore  what 
products  or  features  attracted 
the  customers  they  already 
have.  Ignoring  this  risks  alien¬ 
ating  those  customers  such 
that  they  may  quickly 
become  ex-customers,  just  as 
most  of  the  Voxeo  staff  has. 
Ivey  offers  “don’t  take  goat 
cheese  off  the  menu”  as  a 
phrase  that  can  be  used  to  remind  compa¬ 
nies  not  to  forget  what  the  customers  liked 
about  the  company. 

The  reverse  is  true  as  well  —  don’t  forget 
to  replace  what  the  customers  hate. 
Preserving  bad  products  because  you 
know  how  to  make  them  is  at  least  as  much 


NET  INSIDER 
Scott  Bradner 


Declude  adds  new 
antispam  product 


BY  CARA  GARRETSON 

Declude,  which  for  years  has  been  selling 
its  e-mail  security  technology  for  use  in 
mail  servers,  last  week  announced  a  ver¬ 
sion  of  its  antispam  and  antivirus  product 
for  gateways. 

Previous  to  its  rollout  of  the  new  Inter¬ 
ceptor  product,  Declude’s  offerings  have 
been  available  only  for  Ipswitch’s  IMail  and 
SmarterTools’ SmarterMail e-mail servers.

The core technology behind Declude’s e-mail
security products is called Security
Flaw  Scanning,  which  is  designed  to  catch 
structurally  flawed  messages  in  which 
viruses  can  easily  hide  and  pass  through 
virus  scanners  undetected,  says  Dave 
Barker,  director  of  product  marketing. 

At  the  Boston  Celtics,  where  vice  presi¬ 
dent  of  technology  Jay  Wessel  manages 
100  e-mail  boxes  running  on  an  IMail  serv¬ 
er,  Declude’s  antispam  and  antivirus  tech¬ 
nology  has  been  in  use  for  about  five 
years.  According  to  Wessel,  his  organiza¬ 
tion  has  been  spared  a  number  of  e-mail 
threats attempting to exploit Outlook vulnerabilities
by Declude’s e-mail security
technology, which he uses in conjunction
with other antivirus products.

“We  use  Declude  out  at  the  periphery  and 
the  bulk  of  the  [protection]  is  done  by  De¬ 
clude.  I’ve  absolutely  seen  some  of  those 
Outlook  vulnerability  exploits,  and  they  get 
blocked,” he says. “I would hope that at the
user  level  the  other  [antivirus]  tools  would 
be  doing  their  jobs,  but  I  don’t  like  taking 
chances.” 

In  addition  to  this  zero-hour  virus  protec¬ 
tion,  Interceptor  features  spam  protection 
powered  by  Commtouch’s  integrated  RPD 
Headquarters: Newburyport, Mass.

2001

portfolio: Interceptor gateway e-mail security software; Security Suite e-mail server software; MailProtector e-mail security hosted service.

CEO: Rich Person, previously head of software company Poindexter Systems.

Employees: 17

Privately held

engine,  integrated  AVG  virus  scanning  from 
Grisoft,  whitelist  and  blacklist  monitoring, 
predefined  reports  offering  threat  statistics, 
and  automatic  updates  for  administrators. 

While entering the already crowded e-mail
security market could be viewed as
risky, Declude CEO Rich Person says the
company’s  unique  Security  Flaw  Scanning 
technology  and  pricing  strategy  set  it  apart. 
Interceptor  costs  from  $375  per  year  for 
organizations  with  10  to  15  employees  to  a 
maximum  price  of  $12,500  per  year,  with 
discounts  taking  effect  in  subsequent 
years. Those prices include all modules.

In  addition,  Declude  has  3,000  customers 
using  its  e-mail  security  product  for  mail 
servers,  Person  says,  so  it’s  not  as  if  the 
company  is  starting  from  square  one. 

Declude  competes  with  companies 
such  as  Symantec,  Barracuda,  IronPort  and 
Mirapoint.  ■ 


of  a  risk  as  tossing  out  the  good  ones. 

The  goat  cheese  admonition  must  not  get 
in  the  way  of  new  products  or  product  evo¬ 
lution  —  maybe  the  new  chef  at  Ivey’s 
restaurant  has  some  very  good  recipes  that 
will  eclipse  the  goat  cheese  appetizer. 

But  it  will  be  harder  to  get  the  folks  from 
Voxeo  to  try  the  new  menu  because  the 
lack  of  the  specific  dish  they  came  for 
means  they  are  not  going  to  the  restaurant. 
Maybe  for  that  restaurant  it  would  have 
been  better  to  phase  in  the  new,  eliminat¬ 
ing  the  good  dishes  from  the  old  menu 
over  time. 

Obviously,  the  dilemma  of  how  to 
evolve  products  is  not  limited  to  the 
restaurant  business.  Apple  made  signifi¬ 
cant  changes  to  the  user  experience 
when  it  moved  to  OSX  from  OS9.  Not 
everyone  was  happy  with  the  changes  — 
I  have  friends  who  have  never  made  the 
switch  because  they  did  not  like  the  new 
look  and  feel.  But  overall,  many  more 
people  like  the  OSX  environment  than 
were  upset  about  the  change. 

Some  early  reports  about  Microsoft’s 


Longhorn  (now  Vista)  complained  a  great 
deal  about  the  changed  user  experience, 
predicting significant increases in user support
costs. I have not seen a lot of these reports
of late, but I do expect many corporate
Windows users will soon be wistful
over  today’s  Windows  (but  not  as  many  as 
Microsoft  wants  because  the  incentives  to 
change  to  Vista  will  not  overcome  the 
desire  for  the  familiar  in  many  users). 

The  balance  between  consistency  and 
change  is  not  easy  to  get  right,  as  many 
companies have found out the hard way.
Just  because  you  think  something  new  is 
better  may  just  not  be  enough  to  overcome 
the  customers’  desire  for  the  goat  cheese 
appetizers  of  old. 

Disclaimers:  Goat  cheese  appetizers  are 
not  quite  what  Harvard  students  expect  to 
get  in  the  dining  halls  (though  maybe  the 
business  school  is  different).  So  this  is  my 
own  hankering,  not  the  university’s. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 




Today,  Carlo  restored  a  failed  router  in  Miami, 
rebooted  a  Linux  server  in  Tokyo,  and 
remembered  someone’s  very  special  day. 

With  Avocent  centralized  management  solutions,  the  world  can  finally  revolve  around  you.  Avocent  puts  secure 
access  and  control  right  at  your  fingertips  -  from  multi-platform  servers  to  network  routers,  your  local  data  center  to  branch 
offices. Our “agentless” out-of-band solution manages your physical and virtual connections (KVM, serial, integrated power,
embedded  service  processors,  IPMI  and  SoL)  from  a  single  console.  You  have  guaranteed  access  to  your  critical  hardware 
even  when  in-band  methods  fail.  Let  others  roll  crash  carts  to  troubleshoot  -  with  Avocent,  trouble  becomes  a  thing  of  the 
past,  so  you  can  focus  on  the  present. 


Visit  www.avocent.com/special  to  download  Data  Center  Control: 
Guidelines  to  Achieve  Centralized  Management  white  paper. 


Avocent,  the  Avocent  logo  and  The  Power  of  Being  There  are  registered  trademarks  of  Avocent  Corporation.  All 
other  trademarks  or  company  names  are  trademarks  or  registered  trademarks  of  their  respective  companies. 
Copyright © 2006 Avocent Corporation.
Real-world testing — a real-world perspective


“But  experts  cautioned  that 
the  test  lacked  some  real- 
world  conditions . . .” 

Testing  being  at  the  core  of 
what  we  do  at  The  Tolly 
Group,  a  newspaper  story  with 
these  words  was  certain  to 
attract  my  attention.  It  might 
seem  to  some  that  any  test  is 
an  incomplete  test,  and  by 
extension, without value —
but  I  don’t  agree. 

Interestingly,  the  quote  above  is  not  from 
a  trade  publication  but  from  a  recent  front¬ 
page  story  in  The  Washington  Post  titled 
“Target  Intercepted  in  Anti-Missile  Test.”  In 
this  case,  experts  bemoaned  that  the  test 
attack  was  not  a  surprise  attack,  did  not 
involve  multiple  incoming  missiles  and 
did  not  involve  an  enemy  trying  to  thwart 
the  tracking  system.  The  implication  was 
that  the  Pentagon  test  was  a  pointless 
waste  of  time  (and  to  be  sure,  it  cost  a  lot 
of  money). 


So,  who  is  right?  From  read¬ 
ing  about  all  of  the  flaws  in 
the  test,  one  might  concur 
with  the  experts.  Again,  I 
would  disagree. 

When  you  think  about  it,  a 
test  that  tries  to  do  too  much 
often  accomplishes  nothing. 
Imagine  if  the  missile  test  had 
all  of  the  extra  real-world  con¬ 
ditions  listed  above  and  it 
failed.  The  first  thing  one 
would  want  to  know  is  why.  With  so  many 
variables  the  likely  answer  would  be:  Who 
knows  —  we  tried  to  do  too  much. 

The  essence  of  testing,  whether  in  IT  or 
elsewhere,  is  to  isolate  certain  elements  to 
establish  a  baseline  of  performance  or 
functionality. Subsequent tests can build
upon  the  base  knowledge  and  be  used  to 
exercise  more  sophisticated  features. 

We  need  to  build  our  testing  —  as  the 
Pentagon  did  —  by  testing  core  functions 
and then increasing complexity. It doesn’t


TOLLY ON TECHNOLOGY
Kevin  Tolly 


E-mail  security  system 
moves  to  VMware  nets 


BY  CARA  GARRETSON 

Proofpoint  last  week  announced  a  ver¬ 
sion  of  its  e-mail  security  product  for 
VMware  virtual  machine  environments. 

Slated  for  commercial  release  in  the 
fourth  quarter,  Proofpoint’s  Messaging 
Security  Gateway  for  VMware  will  be  avail¬ 
able  as  a  download  from  Proofpoint’s  Web 
site,  says  Andres  Kohn,  vice  president  of 
product  management.  Customers  will 
receive  the  same  spam  and  virus  protec¬ 
tion  and  content  control  as  users  of 
Proofpoint’s  appliances  and  software  mod¬ 
ules,  he  says,  while  benefiting  from  the 
advantages  of  a  virtual  environment. 

Those  benefits  include  cost  reduction. 
Running  Proofpoint’s  e-mail  security  prod¬ 
uct  on  a  partition  of  an  existing  server  as 
opposed  to  buying  a  new  appliance  repre¬ 
sents  upfront  savings  plus  those  realized 
from  taking  advantage  of  an  existing 
resource,  Kohn  says.  Customers  would  also 
save  money  by  not  having  to  rack,  cool  and 
power  an  additional  device. 

A  virtual  appliance  also  can  be  up  and 
running  in  the  time  it  takes  to  download 
the  program,  vs.  having  to  install  and  con¬ 
figure  a  dedicated  appliance,  Kohn  adds. 
Backup  and  recovery  are  simplified  by 
using  VMware’s  infrastructure  management 
tools  to  take  and  restore  snapshots  of  an 
entire  environment. 

“I  think  the  notion  of  virtualization  makes 
a  lot  of  sense  and  offers  more  reliability 
and  redundancy  than  a  traditional  appli¬ 


ance,”  says  Richard  Cummins,  director  of 
the  technology  services  group  at 
Community  Medical  Centers  in  Fresno, 
Calif.,  which  uses  Proofpoint  appliances. 
“We  just  did  a  study  and  determined  that  it 
costs us $5,000 per server per year to maintain
a server in the data center. That number
alone  is  compelling  enough  to  pursue  vir¬ 
tualization  for  some  applications.” 

The  virtualization  was  initially  driven  by 
the  idea  of  getting  more  use  out  of  under¬ 
utilized  servers.  The  next  logical  progres¬ 
sion  is  to  eliminate  some  of  the  dedicated 
appliances  strewn  across  enterprises,  says 
one  analyst. 

“It  makes  sense  to  take  what  used  to  be  a 
separate,  dedicated,  physical  appliance  and 
make  it  a  separate,  dedicated,  virtual  appli¬ 
ance,”  says  Neil  MacDonald,  vice  president 
and  distinguished  analyst  at  Gartner. 

Kohn  says  the  creation  of  the  virtual  appli¬ 
ance  was  easy  because  the  company  origi¬ 
nally  based  its  product  on  standard  hard¬ 
ware  and  software,  namely  Linux  and 
Solaris.  In  addition,  the  company’s  pricing 
model  —  which  is  based  on  number  of 
users,  not  per  appliance  —  translates  easily 
to  the  virtual  world. 

For  an  organization  with  250  users,  a  one- 
year  license  of  Proofpoint  Messaging 
Security  Gateway  for  VMware  with  anti¬ 
spam,  antivirus  and  content-compliance 
modules  will  cost  around  $10,000. 

The  virtualized  appliance  is  available  in 
beta version now at Proofpoint’s Web site. ■


make sense to conduct, say, a test trying to
establish  the  maximum  throughput  of  a 
wireless  LAN  (WLAN)  solution  in  an  envi¬ 
ronment  that  you  know  is  loaded  with  inter¬ 
ference  and  physical  obstructions.  What 
would  be  the  point? 

Just  as  we  let  athletes  optimize  their  per¬ 
formance  by  wearing  performance  cloth¬ 
ing  at  track  and  swim  meets,  it  makes 
sense  to  determine  the  best  case 
performance  of  a  technology  before 
adding  other  elements.  As  important  as 
other  real-world  elements  are,  they  are 
often  meaningless  without  some  baseline 
numbers  for  comparison. 

In the case of WLANs, for example, it didn’t
take us long to realize that the best
throughput — even under optimal conditions
— was about half of the rated speed
(we learned to expect no more than
about 20M to 22Mbps out of 802.11g
54Mbps LANs).

If  we  hadn’t  established  this  in  ideal, 
laboratory  conditions,  one  might  have 
thought  interference  was  driving  down 
throughput dramatically. (As it is, there are


architectural  reasons  for  this  number.) 

So,  yes,  let’s  do  WLAN  tests  in  environ¬ 
ments  with  obstructions  and  interference 
but  remember  the  essential  of  having 
controlled  results  with  which  to  under¬ 
stand  this. 

Let’s  recognize  that  a  test  piling  on  com¬ 
plexity  is  not  inherently  better  than  a 
straightforward  test  of  a  single  aspect  of  a 
product  done  under  controlled  conditions. 

A  test  must  be  repeatable  to  carry  much 
meaning.  Given  the  nature  of  some  tech¬ 
nologies  —  wireless  again  provides  a 
good  example  —  reproducing  a  test  envi¬ 
ronment  isn’t  always  possible.  Still,  similar 
results  should  be  expected  for  similar 
conditions. 

Finally, and most importantly, we need to
remember that numbers without analysis
often tell us nothing. Look beyond the numbers;
look for meaning.

Tolly is president of The Tolly Group, a
strategic consulting and independent testing
company in Boca Raton, Fla. He can be
reached at ktolly@tolly.com.
Filling the 'Net measurement void


EYE  ON  THE  CARRIER 

Johna  Till  Johnson 


I’ll  admit  it:  I’m  a  data  junkie. 

That’s  not  just  because  I’m  in  the 
research  business  —  though 
admittedly  it’s  the  perfect  gig  for 
someone  with  an  obsessive  desire 
to  measure,  record  and  track  the 
effectiveness  of  everything. 

No,  my  fascination  with  data 
isn’t  just  a  consequence  of  my  day 
job. It comes from both temperament
and training. When I was 9, I
measured the relative effectiveness
of two processes for shelling
peas. (No, I’m not kidding, and yes,
I was a really weird kid.)


In  my  years  as  an  engineer  and 
physicist,  I  maintained  a  focus  on 
measurement  —  one  of  my  earli¬ 
est  research  designs  in  high- 
energy  physics  was  a  liquid-argon 
calorimeter,  which  measures  the 
energy  created  by  a  particle- 
physics  experiment. 

That’s  why  I’m  appalled  at  the 
state  of  Internet  measurement 
now.  Even  though  companies  are 
becoming  utterly  reliant  on  the 
'Net,  we’ve  never  known  less 
about  Internet  structure  and  per¬ 
formance  —  and  that’s  a  huge 
problem. 

The  best  data  we  have  is  com¬ 
piled  by  the  good  folks  at  the 
Cooperative Association for Internet
Data Analysis (CAIDA), a not-for-profit
research group run by
the  University  of  California  at  San 
Diego  and  funded  by  govern¬ 


ment  research  grants  with  a 
handful  of  high-tech  companies 
(see  www.caida.org/home/). 

Yet CAIDA’s principal investigator
and director, K. Claffy, routinely
laments  the  lack  of  high-quality 
data  her  team  can  access  and 
analyze.  We  don’t  even  have  an 
up-to-date  map  of  the  Internet,  let 
alone  a  meaningful  measurement 
of  its  traffic  flows.  The  best  avail¬ 
able  public  data  is  at  CAIDA,  but 
it’s  woefully  incomplete. 

The  problem  is  twofold:  First, 
scientific  researchers,  while 
eager  to  access  others’  data  sets, 
are  reluctant  to  release  their 
own.  And  second,  the  players 
with  the  greatest  insight  into 
Internet  structure  and  perfor¬ 
mance  —  the  carriers  —  are 
reluctant  to  reveal  their  inner 
workings  to  each  other. 


As a result, we lack a comprehensive
view of the most sophisticated
piece of infrastructure
ever created. That’s pretty disturbing,
given how integral the
Internet is to our global economy.
Without a complete map of
it  —  let  alone  a  detailed  under¬ 
standing  of  its  day-to-day  perfor¬ 
mance  —  we  can’t  ensure  that  it 
will  continue  to  work  reliably.  If 
that  doesn’t  scare  you,  it  should. 

What  should  be  done?  First, 
enterprises,  vendors  and  service 
providers  should  start  actively 
supporting  cooperative  Internet 
measurement  projects,  finan¬ 
cially  and  by  providing  insight 
into  their  challenges. These  orga¬ 
nizations  will  benefit  individu¬ 
ally  as  well  as  help  ensure  the 
long-term  stability  of  the  ’Net. 

Second,  scientific  researchers 


and  the  entities  that  support 
them  (universities,  government 
and  industrial  research  labs) 
should  insist  on  sharing  data  sets 
publicly.  CAIDA  operates  one 
repository  for  shared  data  sets, 
called  DatCat,  which  is  a  catalog 
of  Internet  measurement  data, 
but  there  are  others.  Researchers 
should  be  required  to  make  their 
data  sets  available  through  at 
least  one  of  the  public  catalogs. 

Above  all,  we  should  start  get¬ 
ting  serious  about  measuring  the 
Internet.  The  future  quite  literally 
may  depend  on  it. 

Johnson is president and chief
research officer at Nemertes
Research, an independent technology
research firm. She can
be reached at johna@nemertes.com.


AT&T  acquires 
USinternetworking 


New  specification  targets 
mobile  phone  security 


BY  DENISE  PAPPALARDO 

AT&T  announced  last  week  that  it  is  acquiring  USinternetworking 
for  about  $300  million  in  cash. 

USinternetworking  is  a  privately  held  application  service  provider 
founded  in  1998,  when  the  ASP  model  was  first  popularized.  The 
company  touted  big  customer  wins,  but  the  ASP  concept  never 
lived  up  to  its  initial  hype. 

USi  has  150  business  customers,  including  companies  such  as 
GMAC,  Michelin,  Sunoco  and  Yankee  Candle.  The  company’s  rev¬ 
enue  totals  about  $100  million;  it  employs  700  people  and  has  two 
data  centers. 

What  prompted  AT&T  to  make  the  deal? 

“We  have  a  great  capability  from  a  collocation  standpoint  with  great 
managed  services  right  up  to  the  operating-system  level,”  says  Mike 
Antieri, senior vice president of business marketing at AT&T. “We had
a  void,  and  we  didn’t  have  a  significant  level  of  expertise  to  manage 
at  the  application  level.” 

Application management is USi’s core competency, and the company
is customer-service oriented, he adds.

“We have had a ton of customers ask us to manage at the application
layer. We went after that through partners, because we didn’t have
the  key  requisite  skills  in-house  or  at  scale,”  Antieri  says. 

AT&T  says  it  will  retain  all  of  USi’s  employees  and  has  offered  reten¬ 
tion  packages  to  all  key  executives  in  an  effort  to  keep  them  on  board. 
The  carrier  says  it  will  operate  USi  as  a  wholly  owned  subsidiary  that 
will  be  run  by  the  company’s  current  chairman  and  CEO  Andrew 
Stern.  He  will  be  CEO  of  the  subsidiary  after  the  acquisition. 

This  isn’t  AT&T’s  first  foray  into  the  ASP  business.  Back  in  2000  AT&T 
introduced a hosting platform called EcoSystem for ASPs. That service
is  no  longer  available.  But  the  service  provider  has  not  directly  offered 
hosted  application  services  or  software  as  a  service  to  customers, 
choosing  instead  to  team  with  partners. 

The deal is expected to close in the fourth quarter. AT&T sales representatives
and sales channels are expected to start selling USi application-hosting
services as soon as the deal closes. ■


BY  JOHN  BLAU,  IDG  NEWS  SERVICE 

Efforts  to  establish  security  standards  for  mobile 
devices  were  boosted  last  week  with  the  release 
of  the  Mobile  Trusted  Module  specification. 

The  specification  offers  a  set  of  standards  for 
mobile-phone  manufacturers  and  software  devel¬ 
opers  to  store  data  securely  in  mobile  devices, 
such  as  smart  phones  and  wireless  PDAs. 

The  standards,  which  were  issued  by  the  Trusted 
Computing  Group  industry  association,  have 
been  years  in  development.  They  are  backed  by 
numerous  companies,  such  as  Nokia,  Samsung 
Electronics  and  France  Telecom,  all  of  which  are 
members  of  the  Trusted  Computing  Group’s 
Mobile  Phone  Work  Group. 


Like  the  Trusted  Platform  Module  used  in  PCs, 
the  MTM  stores  information  in  a  secure  area  of 
the  mobile  device  to  ensure  that  the  operating 
system,  applications  and  data  haven’t  been  virtu¬ 
ally  or  physically  tampered  with.  It  uses  a  system 
of “engines” within the device that report the state
of  their  code  so  that  their  trustworthiness  can  be 
established. 

Vendors  can  determine  whether  the  MTM 
should  be  a  discrete  silicon  chip  or  a  system-on- 
chip  implementation. 

In  addition  to  helping  manufacturers  and  oper¬ 
ators  reduce  the  risk  of  virus  attack  and  identity 
theft,  the  MTM  can  enable  mobile  payment  and 
ticketing  services.  ■ 


IBM  debuts  encrypted  tape  drive 


BY  DENI  CONNOR 

IBM  last  week  debuted  a  new 
tape  drive  that  encrypts  data  in 
the  drive  itself.  It’s  designed  for 
markets  that  are  increasingly 
regulated  and  concerned  with 
data  loss. 

The TS1120 tape drive lets
healthcare  and  financial  ser¬ 
vices  customers  encrypt  data  at 
rest  on  tape  from  mainframe, 
Linux,  Windows  or  Unix  sys¬ 
tems,  thus  eliminating  the  need 
for  host-based  encryption  sys¬ 
tems  or  separate  appliances. 


The TS1120 drive can be
installed  in  IBM  and  Sun/ 
StorageTek  tape  libraries.  It  has 
a  capacity  of  1.5TB. 

The TS1120 also supports key
management,  critical  to  orga¬ 
nizing  tapes  for  retrieval.  The 
IBM  Encryption  Key  Manager 
for  Java  uses  standard  reposito¬ 
ries  and  encrypts  data  by  appli¬ 
cation,  system  or  tape  library. 
The  tape  drive  uses  3592  car¬ 
tridges,  which  are  available  in 
read-write  or  write  once,  read 
many  times  (WORM)  configura¬ 


tions  for  compliance. 

Encryption support is available
for z/OS, z/VM, i5/OS, AIX,
HP, Sun, Linux and Windows
platforms. The encryption capability
is integrated with Tivoli
Storage  Manager. 

The TS1120 competes with
appliances  from  Neoscale, 
Decru  and  Vormetric  and  stor¬ 
age  libraries,  such  as  those  from 
Sun/StorageTek  T10000. 

The  TS1120  tape  drive  with 
encryption  capability  starts  at 
$35,000.  ■ 
NAC

continued  from  page  18 

Gleichauf:  You  will  always  have  a  cer¬ 
tain  part  of  the  user  community  that 
fears  being  overmanaged,  being  over¬ 
monitored,  but  in  the  enterprise,  which 
is the initial target for this type of technology,
it’s a different value proposition
between  the  corporation  and  the 
employee. 

Ashida: [This is] one of the things Bob
and I both discussed in very early days. We
often came across the issue of, should we
do it this way or that way. We often said, this
should be an IT admin decision so let’s
make it configurable. Because every company
has a different architecture, a different
infrastructure, so we made that configurability
a key element in the technology.

Gleichauf:  That  is  one  of  the  hardest 
things  we  did. 

“NAP/C-NAC  raises 
the  overall  health  of 
the  average  computer 
in  the  company.” 

Mark Ashida, general manager of Windows
Networking  at  Microsoft 

How would you classify C-NAC/NAP as an
approach  to  enterprise  security?  Is  it  reactive 
or  proactive? 

Gleichauf:  It  is  more  like  preventive 
medicine. You are making sure you are
healthy  by  going  to  the  doctor  periodical¬ 
ly  and  hopefully  you’ll  have  lower  med¬ 
ical  bills  in  the  long  term. 

Ashida: This may be an obscure reference.
I am not sure if you ever heard of
the health-of-the-herd idea, which is like
when a lot of people say I am not going
to  get  a  flu  shot  and  I  won’t  get  sick.  But 
that  is  partially  because  everyone  around 
them  had  flu  shots  so  they  did  not  get 
sick  because  everyone  around  them  was 
healthy.  But  if  everyone  stopped  getting 
flu  shots,  there  might  be  a  lot  more  flu. 
One  of  the  key  things  about  NAP/C-NAC 
is  that  it  raises  the  overall  health  of  the 
average computer in the company.

Gleichauf:  And  of  the  infrastructure. 

Ashida:  And  that  is  really  important, 
because  as  the  overall  health  of  the  indi¬ 
vidual  pieces  goes  up,  so  does  the  com¬ 
pany’s  overall  health. 

How  does  the  technology  deal  with  a  reluctant 
end  user,  one  that  maybe  procrastinates 
updating  agents  or  keeping  systems  up-to- 
date  with  software  upgrades? 

Gleichauf:  What  will  happen  in  a  corpo¬ 
ration,  at  least  one  like  Cisco  where  we 
have  a  very  rich  tradition  of  engineering 
entitlement  and  independence,  they  will 
get on the network. They just may not
have  as  good  a  user  experience  as  if  they 


were fully compliant. These systems are
being  designed  so  security  IT  staff  can 
reward  people  for  compliance,  and  only 
the  people  that  are  out  of  compliance 
pay  some  kind  of  tax. 

Policy-based  management  can  be  a  challenge 
for  enterprise  IT  staff.  How  does  the  jointly 
developed  technology  work  toward  enforcing 
policies  across  systems  down  to  the  network 
elements? 

Ashida:  We  view  Active  Directory  as  the 
place  where  you  can  store  your  policies. 
We  view  [Network  Policy  Server]  as  a 
place  where  you  can  transactionally  eval¬ 
uate  those  policies.  And  we  view  ACS  as  a 
way  to  have  a  common  interface  into  the 
network  for  any  kind  of  enforcement  as 
we go forward. That is how we see the
technology  from  a  policy  cascading 
down  through  the  infrastructure. 

Gleichauf:  We  have  customers  running 
ACS  to  Active  Directory  now,  where  the 
policy  is  in  Active  Directory.  When 
Vista/Longhorn  comes  in,  inserting  NPS 
in  the  middle  to  act  as  that  policy  arbi¬ 
trator  is  transparent.  It  will  fit  in  because 
of  the  way  it’s  being  done  with  the 
architecture. 

How  does  this  partnership  affect  others  that 
Cisco  has  with  software  providers?  For 
instance  Cisco  and  Microsoft  initially 
announced  their  partnership  in  2004,  around 
the  same  time  Cisco  and  IBM  said  they  would 
team  on  network  access  through  Cisco  prod¬ 
ucts  and  Tivoli  software.  Can  we  expect  to  see 
Cisco  engage  in  more  joint  development 
efforts  with  software  vendors? 

Gleichauf:  We  could  discuss  this  more 
offline,  but  the  relationship  with  IBM  is  a 
good  relationship  for  both  companies 
and  we  are  maintaining  it.  And  until  IBM 
has  consummated  the  [Internet  Security 
Systems]  acquisition,  the  relationship  will 
be  maintained.  Until  they  close  the  acqui¬ 
sition  and  they  are  allowed  to  talk  to  us 
in  greater  detail  about  how  they  are 
incorporating ISS, we can’t really know
how  it  impacts  the  relationship  and  it’s 
pointless  to  speculate. 

Cisco's recent push toward network management
is spreading to security policy enforcement.
Why is Cisco suddenly very much interested
in managing its own gear, whether it is to
achieve  greater  efficiencies  or  security? 

Gleichauf:  Any  vendor  who  is  success¬ 
ful  has  a  lot  of  control  over  its  fundamen¬ 
tal  control  plane.  Our  control  plane  is  the 
network  fabric.  Google’s  is  search 
engines.  Microsoft’s  is  the  server,  desktop 
and  the  operating  system  environment. 
When  you  have  a  significant  presence  in 
one  of  those  areas,  it  is  only  logical  over 
time  that  you  will  then  decide  in  an 
opportunistic  fashion  what  businesses 
you  want  to  get  into  to  enhance  that  fun¬ 
damental  control  plane.  It’s  logical  for 
Cisco.  It  may  not  be  the  core  competency 


or  the  first  thing  customers  will  think 
when  they  see  the  Cisco  brand,  but  it  is 
something  that  will  be  an  important 
enabler.  Network  management  and  policy 
is  something  that  we  will  actively  develop 
where  it  makes  sense. 

And  it  seems  Cisco  today  is  more  open  to 
sharing  at  least  its  management  development 
efforts  with  specific  partners? 

Gleichauf: Microsoft and Cisco have been very open with one another that we will both be providing policy management components. That is why to the point of cross-licensing our development efforts, we were smart enough to cross-license without knowing where our respective business units may decide to go with the technology in the future.

Microsoft  has  its  Dynamic  Systems  Initiative, 
and  recently  announced  it  would  work  with 
other  management  vendors  on  developing  and 
fostering  support  for  the  Service  Modeling 
Language.  Why  are  management  vendors  today 
more  apt  to  work  together  on  standards  to 
ease  management  and  security  for  customers 
than  they  were  five  years  ago? 

Ashida: A key part is that enterprises, which have been stovepiped in functional groups, now want or need to manage end-to-end.

End-to-end will more quickly tell them why e-mail is not working, because it is no longer satisfactory to have to call eight people to figure out what the problem is. They want to see in one place how systems and infrastructure are working.

This is going to be an opportunity for vendors such as Microsoft and Cisco to work together, because those are two elements that enterprises need to correlate.

Gleichauf: Convergence is king in driving down costs and improving the reliability and the quality of decisions you make. ■
Network Physics hones application mgmt focus


BY  DENISE  DUBIE 

Network  Physics  says  network  engineers 
are  experts  on  ports,  packets  and  protocols. 
Where  they  could  use  some  help  is  in 
quickly  identifying  the  impact  of  specific 
applications  on  network  performance. 

The company this week at Interop plans to show how it has incorporated application-analysis capabilities across its updated management software and distributed appliance suite. NetSensory 6.0, a version of the appliances’ operating-system software scheduled to ship in January, supports application classification, meaning it can quickly identify the type of application (such as VoIP or SAP) by watching and monitoring traffic.

Industry watchers say such application-centric upgrades are necessary for any network management vendor going forward. Yet companies also need to be able to provide insight into the data they collect across network, system and application components, says Dennis Drogseth, a vice president with Enterprise Management Associates.

“The company has a history of gathering huge amounts of rich data, but customers have complained that dealing with all that information can be a challenge for anyone other than a senior engineer,” Drogseth says. “With this release, they have gone a long way to improving the usability of the data they collect and providing more granular means to diagnosing problems by applications.”

Network Physics says the added application-discovery and monitoring features let network engineers at all levels more quickly determine the source of performance problems, without as much manual intervention to perform “deep-dive packet inspection” with a handheld protocol analyzer, for example.

Network Physics’ offering includes a central management and administration appliance called the NP-Director that works with distributed appliances that send intelligent summary data to the console.

The distributed appliances respond to problems without direction from NP-Director, but an administrator using NP-Director can tap into endpoint appliances to get a global view of a network. Typically, the appliances are installed on a span or mirror port, or via a tap, to core switches in a network.

The application-specific technology, which can capture the various states of an application as it completes transactions and processes, would have Network Physics competing with network management vendors such as Network General, and could make NetSensory a complementary tool to software from the likes of Compuware and Mercury Interactive (recently acquired by HP).

Network Physics says it will preview a software add-on to NetSensory at Interop. Dubbed Business Reporter, it provides customers with a way to generate reports for IT management, line-of-business managers and other higher-level executives. Expected to be available in the first quarter of 2007, Business Reporter will be offered as a licensed upgrade to NP-Director.

Network Physics also will show NetSensory 5.3, due to ship by the end of this month. It includes real-time, service-level performance monitoring and reports, as well as deeper insight into undefined applications, the company says. It also will unveil the NP-3000, a 2U appliance designed to handle higher traffic volumes than existing appliances can.

The NP-3000 starts at about $40,000 for an enterprise version. A typical Network Physics deployment could include two or three distributed appliances and one NP-Director. Pricing could start around $150,000 to $250,000, depending on network configuration. ■

Network Physics this week is expected to release new operating system software for its appliance suite.


Correction

■ The story “ISS jumps into e-mail security fray” (Sept. 11, page 74) should have stated that the maximum number of users that ISS' new Proventia Network Mail Security System appliance can handle is 10,000. Also, the correct spelling of the ISS senior manager of product marketing is Dave Ostrowski.
HP watchers dissect board scandal

Customers,  analysts  keeping  an  eye  on  company’s  product  focus,  stability. 


BY  JENNIFER  MEARS 
AND  DENISE  DUBIE 

Improving financials have brightened HP’s outlook, but a scandal that has resulted in the resignation of the company’s chairman, as well as state and federal investigations, could seriously tarnish HP’s reputation as it seeks to stabilize itself, users and industry experts say.

“There just seems to be a lot — too much — fluctuation within HP,” says James Maas, network monitoring engineer at Fresenius Medical Care in Lexington, Mass.

Maas, who also heads up the New England Chapter of OpenView Forum, an independent user group for HP’s management software, says negative press and frequent executive changes concern him when it comes to the company’s priorities going forward.

Last Tuesday, HP announced that Patricia Dunn, who ordered an investigation into leaks of company information to the media, would step down as chairman following the company’s Jan. 18 board meeting. CEO Mark Hurd will succeed Dunn as chairman, while Dunn will remain on the board as a director, HP said.

Board member George Keyworth, who admitted to supplying information to the media, resigned on Tuesday, effective immediately. His resignation follows the resignation in May of board member Tom Perkins, who stepped down in protest over the way the investigation was being handled.

Perkins’ concerns were made public in a Securities and Exchange Commission filing two weeks ago, in which HP admitted that the investigation included the use of pretexting, in which investigators posed as journalists in order to get access to phone records.

“We are in negotiations with the company now and all we see is a lot of negative press coming from the board. I know it is a big company, but it makes me wonder how stable HP will be in the future,” Maas says. “You have to ask yourself, ‘Am I making the right decision investing in this technology?’ ”

HP needs to demonstrate that it is focusing on its products and not get bogged down with issues regarding the board, he says.

“The company has to be sure to let me as a customer know what they are doing to move past the negative times and onto developing the products I use,” Maas says. “The executives need to focus on the business, I realize, but they also need to be sure to continue expanding the scope of their products and detail to customers the future of their technology.”

Analysts agree, saying that while many customers may not pay much attention to the board scandal now, if the issue drags on it could damage HP’s business.

“The board’s tactics were inexcusable, but essentially isolated from customers, at least in every practical sense. But if the various investigations drag on, public perception of HP is likely to go downhill and that could cause concern among customers,” says Charles King, principal analyst at Pund-IT Research.

At the same time, the board shake-up will give Hurd the chance to make any changes he sees necessary at the board level. Hurd has been commended by Wall Street for setting HP back on course since he took over as CEO, replacing Carly Fiorina a little more than a year ago.

While the shift could be a benefit, some analysts question whether the outcome will end up being more of a negative factor.

“The move is generally toward more board independence, so adding chairman to Hurd’s titles does not seem like a particularly positive step,” says Gordon Haff, an analyst with Illuminata. “I don’t see it as directly harmful, but we are ultimately left with an HP board whose influence has to be significantly weakened.”

For the most part, analysts and customers say HP made a good move by asking Dunn to resign and that every effort should be made to move HP beyond the scandal.

“HP’s stock is back up, and their financials are holding. I suspect that most of the public is not really interested in these kinds of stories except for the brief moments of time when they break into the headlines,” says Rich Ptak, principal analyst with Ptak, Noel & Associates. “I suspect most people think it is just a slightly overzealous executive chasing a disloyal employee. They aren’t going to try to go any deeper in the analysis than that. I think as long as HP successfully implements its business strategy, it will continue to do well.” ■


Patricia Dunn: Out as board chair.


Centennial  refines  storage  control 


BY  JOHN  COX 

Centennial Software has released a new version of its software for controlling the use of portable storage devices on enterprise laptops and desktop PCs.

Version 4.5 of DeviceWall lets network administrators track what users do with files, and grant temporary access to storage devices such as USB thumb drives at specific times or for a given amount of time.

DeviceWall’s user interface has been redesigned so that it conforms more to the look and feel conventions in Microsoft XP and upcoming Vista platforms. The installation wizard has been revamped to simplify loading the client software. And Centennial now supports the open source Apache Web server in addition to Microsoft Internet Information Server.

Centennial was founded in 1997, originally to market a software program to manage the Y2K transition for enterprise customers. It then offered a network asset discovery and audit application, and introduced DeviceWall in April 2005 to control storage peripherals on laptops. Centennial competes in this segment with a number of companies including Safend and Smartline.

The new version of the client can now record read/write/delete/rename actions done to a given file or group of files. When the laptop reconnects with the corporate network, the agent code passes this information to the DeviceWall management console.

Currently, this data is stored as an audit history, which the administrator has to call up and review. In the future, DeviceWall plans to create a set of alerts so that administrators can be notified automatically if unauthorized actions are taken on specific files, says Brian McCarthy, Centennial’s vice president of marketing.

“This was the number-one [change] request from our customers,” he says. “They wanted to know who was copying or moving what information.”

The new version also refines the control over USB flash drives and other storage media. The previous version could block the use of such devices, including U3 smart USB drives or DVD drives, but an administrator could temporarily unlock the device at a user’s request.

In the new version, administrators can schedule temporary use, say between 2 p.m. and 4 p.m. on a given day, or grant use for a specified time span. After that, DeviceWall would restore and enforce the standard enterprise security policy for the devices.

The new version costs about $28 per user; volume discounts for 1,000 users bring the price down to about $19. ■


Sprint Nextel, Verizon Wireless air EV-DO plans

BY  DENISE  PAPPALARDO 

Sprint Nextel and Verizon Wireless, the leading EV-DO wireless service providers in the United States, both announced at CTIA Wireless IT & Entertainment in Los Angeles last week plans to bolster support for EV-DO Revision A.

Sprint Nextel is adding more EV-DO Rev. A devices to its line of compatible gear, and Verizon Wireless announced that it will be using Motorola network gear to upgrade to Rev. A.

EV-DO Rev. A supports higher-speed wireless data transmissions with peak data rates of up to 3.1Mbps downstream and 1.8Mbps upstream; and it is said to better support VoIP, high-speed file transfers, real-time services such as push-to-talk, mobile television and video telephony.

Current EV-DO deployments max out at about 2.4Mbps.

Sprint says it is making two additional wireless cards available to customers in the fourth quarter: the Sprint Mobile Broadband Card by Pantech (PX-500) and the Sprint Mobile Broadband Card by Sierra Wireless (Aircard 595). They will cost $199 and $99, respectively.

Sprint announced its plans in March to upgrade its wireless data network with EV-DO Rev. A later this year with faster services available in the first quarter of 2007.

The wireless service provider currently offers one Rev. A capable device, the Sprint Mobile Broadband Card by Novatel Wireless (S720).

Motorola has been one of Verizon Wireless’ network suppliers for a number of years. Based on Verizon and Motorola’s new deal, Verizon will use Motorola gear to upgrade its first generation, EV-DO Rev. 0 and Code Division Multiple Access 1xRTT sites to 1xEV-DO Rev. A. ■


TECHNOLOGY UPDATE

AN INSIDE LOOK AT TECHNOLOGIES AND STANDARDS


Change  control  minimizes  outages 


HOW  IT  WORKS:  CHANGE  CONTROL  SOFTWARE 

Change  control  software  is  installed  on  servers  to  link  the  IT  infrastructure 
with  change  processes. 

•  Changes  are  tracked  and  validated  in  real  time,  and  change  policies  are  automatically  enforced  upon 
deployment. 

•  All  changes  are  documented  even  if  they  come  from  outside  of  the  change  management  process. 

•  Actual  changes  are  correlated  with  change  management  systems  for  compliance  audit  and  process 
improvement. 


BY  JAY  VAISHNAV 

For many IT organizations, firefighting is a way of life to ensure service availability. This is because availability is constantly threatened by changes to the infrastructure that don’t conform to IT service management processes and policies.

Change control software links IT service management systems and processes with the infrastructure by providing real-time change tracking, validation of change activity against change tickets, and automated enforcement of change policies. By using change control technology to close the change gap, organizations can increase the availability of IT services, enable the successful implementation of Information Technology Infrastructure Library (ITIL) projects and reduce the cost of compliance initiatives with regulations such as the Sarbanes-Oxley Act.

The  people  problem 

Research has shown that as much as 80% of system unavailability is caused by incorrectly applied change. This includes changes made at unauthorized times or without approved change tickets, and can also include approved changes that are not properly executed.

Current change management processes designed to manage service availability rely heavily on people carefully following policy using manual methods, and are carried out with a limited understanding of the nature of change within the infrastructure. These processes cannot ensure that changes are applied correctly, as they would be if collection of data from the infrastructure and the application of control to the infrastructure were sufficiently automated. Changes often are applied incorrectly, resulting in costly service outages.

Change  control  delivers,  integrates  and 
automates  the  following  capabilities: 

•  Gaining  real-time  visibility  into  change. 

•  Linking  actual  infrastructure  changes  to 
change  management  processes  and  systems. 

•  Automating  change  policy  enforcement. 

IT organizations have typically used scan-based technology to troubleshoot service availability problems, running periodic system scans to analyze differences that might have caused an outage. Performance and operational overhead limit the frequency of scanning, resulting in an out-of-date view of the infrastructure.

Today, change control technology provides complete, up-to-the-moment information about changes to the infrastructure. As users implement changes to the infrastructure, change control software collects information in real time about what changes are being made, when changes are made, how they are made and by whom. This information is then sent to a central repository where an administrator can securely access the information to determine actual change behavior and quickly search for forensic information to resolve service interruptions.

Once changes are tracked and understood, change control software categorizes the information to determine how actual changes deviate from the expected process. The completeness of the change data collected, combined with the fact that it is collected continuously and not in snapshots, enables highly accurate reconciliation with the change process.

The software automatically correlates actual changes with an existing change-ticketing system and automatically populates change tickets with actual change details when necessary. In the case where no documentation or change ticket exists, such as in emergency change activity, change control can close the documentation loop by creating the appropriate change ticket for post-facto review and approval.

Once an organization establishes an approved change process, change control software provides the mechanisms required to enforce the policy. Change control software automatically ensures changes made to the infrastructure are in line with the change policy and provides selective enforcement of policies based on criteria such as the source of change, the authorized time window for making the change and whether an approved change ticket is associated with the change. Change control can automatically allow programs that are authorized updaters to make changes without restriction, minimizing disruption to operational process.

If  a  user  or  program  attempts  to  execute  a 
change  outside  of  an  authorized  update 
window,  or  if  an  unauthorized  program  tries 
to  make  a  change,  the  changes  are  stopped 
before  they  occur.  The  software  can  also 
require  that  an  approved  change  ticket  ID 
be  input  and  validated  before  enabling  an 
update. 
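
The enforcement and reconciliation rules described above can be expressed as two small functions. This is an added Python example, not code from the article or from any change control product; the class names, the `PF-` ticket prefix and all sample users, programs, paths and ticket ids are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from pathlib import PurePosixPath
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Change:
    """One attempted or observed change: what, when, how and by whom."""
    when: datetime
    user: str
    program: str
    path: str
    ticket_id: Optional[str] = None


@dataclass
class Ticket:
    ticket_id: str
    approved: bool
    scope: str                                   # file or directory the ticket covers
    actual: List[Change] = field(default_factory=list)
    post_facto: bool = False

    def covers(self, path: str) -> bool:
        # Compare whole path components so /etc/app does not cover /etc/app2.
        scope, target = PurePosixPath(self.scope).parts, PurePosixPath(path).parts
        return target[:len(scope)] == scope


@dataclass
class Policy:
    authorized_updaters: frozenset               # programs exempt from restriction
    window: Tuple[time, time]                    # daily update window, may span midnight

    def in_window(self, when: datetime) -> bool:
        start, end = self.window
        now = when.time()
        if start <= end:
            return start <= now < end
        return now >= start or now < end


def enforce(change, policy, tickets) -> Tuple[bool, str]:
    """Decide before a change is applied. Returns (allowed, reason)."""
    if change.program in policy.authorized_updaters:
        return True, "authorized updater"
    if not policy.in_window(change.when):
        return False, "outside authorized window"
    ticket = tickets.get(change.ticket_id or "")
    if ticket is None or not ticket.approved:
        return False, "no approved change ticket"
    if not ticket.covers(change.path):
        return False, "ticket does not cover this path"
    return True, "approved ticket " + ticket.ticket_id


def reconcile(observed, tickets) -> List[str]:
    """Correlate changes that already happened with the ticketing system.

    A documented change is recorded on its ticket. An undocumented one gets a
    post-facto ticket for review. Returns the ids of the tickets created.
    """
    created = []
    for change in observed:
        ticket = tickets.get(change.ticket_id or "")
        if ticket is not None and ticket.approved and ticket.covers(change.path):
            ticket.actual.append(change)
            continue
        new_id = "PF-%04d" % (len(created) + 1)
        tickets[new_id] = Ticket(new_id, False, change.path, [change], True)
        created.append(new_id)
    return created


# Constructed sample data (hypothetical users, programs, paths and ticket ids).
POLICY = Policy(frozenset({"/usr/bin/patch-agent"}), (time(22, 0), time(2, 0)))

def sample_tickets() -> Dict[str, Ticket]:
    return {"CHG-1001": Ticket("CHG-1001", True, "/etc/app")}

NIGHT = datetime(2006, 9, 18, 23, 15)
NOON = datetime(2006, 9, 18, 14, 0)
TICKETED = Change(NIGHT, "alice", "/usr/bin/vi", "/etc/app/db.conf", "CHG-1001")
DAYTIME = Change(NOON, "alice", "/usr/bin/vi", "/etc/app/db.conf", "CHG-1001")
WRONG_SCOPE = Change(NIGHT, "bob", "/usr/bin/vi", "/etc/app2/db.conf", "CHG-1001")
UPDATER = Change(NOON, "system", "/usr/bin/patch-agent", "/usr/lib/libfoo.so")
UNTICKETED = Change(datetime(2006, 9, 19, 1, 30), "carol", "/bin/cp", "/etc/app/db.conf")

if __name__ == "__main__":
    for c in (TICKETED, DAYTIME, WRONG_SCOPE, UPDATER, UNTICKETED):
        print(c.user, c.path, enforce(c, POLICY, sample_tickets()))
    tickets = sample_tickets()
    print("post-facto tickets:", reconcile([TICKETED, UNTICKETED], tickets))
```

The window check handles a maintenance window that crosses midnight, and the scope check compares whole path components, two places where a naive implementation would silently allow or block the wrong change.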

Managed service providers who require “five nines” availability use change control to reduce outages and shorten resolution time, while retailers are improving the auditability and availability of their payment infrastructures. Manufacturers also realize enormous cost savings by ensuring changes can only occur during scheduled maintenance windows.

Vaishnav is a vice president of product development for Solidcore Systems. He can be reached at jay@solidcore.com.


Ask Dr. Internet By Steve Blass


I  bought  a  new  laptop  without  a  PCMCIA  card 
slot  and  need  a  way  to  connect  my  PCMCIA- 
based  EV-DO  broadband  wireless  card  so  I  can 
travel  with  the  new  notebook  instead  of  the  old 
one.  Are  there  adapters  available? 

Yes,  there  are  USB  adapters  for  some  EV-DO  cellular 
modem  cards  that  will  let  you  use  the  PCMCIA  modem 
card.  Depending  on  the  card  and  service  provider,  you 
may  be  able  to  use  one  of  these  adapters. 

Unfortunately,  the  adapters  available  are  not  generic. 


PCMCIA  ports  are  more  data  intensive  than  USB 
ports,  so  it  takes  additional  electronics  to  support 
PCMCIA  over  USB. 

You'll  need  an  adapter  specific  to  your  EV-DO  modem 
card,  and  may  even  need  one  specifically  designed  for 
the  service  provider  network  you  use.  Allegiance 
Technology  Partners,  for  example,  has  an  adapter  for 
$200  that  works  with  specific  card  models 
(www.nwdocfinder.com/5180). 

In addition, USB EV-DO modems also are beginning to be released that will plug directly into the USB port, eliminating the need for the PCMCIA card (Sierra Wireless has announced some). Check your service provider's support Web site for information about adapters and options available for your particular service.

Be  prepared  to  spend  as  much  as  you  spent  on  your 
original  EV-DO  card  —  none  of  the  available  devices  we 
found  are  inexpensive. 

Blass, a network architect at Change@Work in Houston, can be reached at dr.internet@changeatwork.com.

Data-intense, design-simple graphics


GEARHEAD: INSIDE THE NETWORK MACHINE

Mark Gibbs


Say you’re writing a report on how your Web site’s sales system has been performing, and you want to show the VP of sales the important statistics. You could hit her with one big graph or a set of graphs created in Excel, but you know she’s not going to focus on anything that is too techie looking. Even so, you want to get the information into her brain as easily as possible.

You want to be persuasive and effective, so what you’re really trying to communicate are trends rather than detailed data. In this situation a technique called sparklines might be the way to go. Invented by Edward Tufte (professor emeritus of statistics, graphic design and political economy at Yale University, and a critic of using PowerPoint for presentations) sparklines are a simple, elegant idea. According to Tufte, sparklines are “data-intense, design-simple, word-sized graphics.” According to us, sparklines are miniature, in-line graphs.

Here’s an example:

[Sparkline graphic: “Oil prices fall for 7th straight session,” labeled 64.85 and 60.03]


The distinction between regular graphs and sparklines is subtle and powerful. Your average Excel chart most often is used to show as much data as possible, typically standing by itself, separate from the text that describes it.

Sparklines, on the other hand, are intended to be part of the stream of text, instantly understandable without adding unnecessary detail. You can find Tufte’s explanation of sparklines at www.nwdocfinder.com/5181.

Note  that  sparklines  don’t  have  to  be  lines  —  they  can  be 
bars,  pie  charts:  whatever  gets  the  message  across. 

To create sparklines you have several alternatives. You could create them in Excel, but that is not easy even with a macro. Better choices would be a Web-based service that creates sparklines for you or software that operates as an add-in for Microsoft Office applications.

Our favorite Web-based service is the Sparkline Generator Web Application (www.nwdocfinder.com/5182) by Joe Gregorio. He provides an interactive sparkline generator and makes the CGI code available for free, so you can run the software on your own server.

His implementation is really nice; this reference to CGI code in a Web page . . .

<p>Sales started to slump <img src="http://bitworking.org/projects/sparklines/spark.cgi?type=smooth&d=10,20,30,90,80,70&step=4&min-m=true&max-m=true"> yesterday</p>

. . . will produce a sparkline like this:

Sales started to slump [sparkline] yesterday

It  would  be  easy  to  modify  the  sparkline.cgi  request  to 
work  with  dynamic  data  by  using  Asynchronous 
JavaScript  +  XML. 

If you want to add sparklines to your Microsoft Office 2000, XP and 2003 documents, you might want to check out Bissantz SparkMaker (www.nwdocfinder.com/5183).

SparkMaker installs itself into Word, Excel and PowerPoint. It becomes available as a nonmodal pop-up when invoked from the application toolbar and provides a window where you enter your list of values and set up how the sparkline will be displayed. The output is inserted into the current document as a graphic or as text (using Bissantz’s SparkFonts; go to www.nwdocfinder.com/5184 for details).

Under Excel it adds a function that creates a sparkline in a cell. Very cool.

Our only complaint is that SparkMaker needs a feature to reverse the order of the data — often data you copy from somewhere else is in the wrong order. So it would be much better to not have to paste the data into Word and then sort it, copy the new version and paste it into SparkMaker.

SparkMaker  is  really  cool  and  is  free  for  private  and  aca¬ 
demic  use,  but  at  $199  for  commercial  use,  it  is  rather 
expensive. 

Spark  a  conversation  with  gearhead@gibbs.com. 


Cool Tools

Quick takes on high-tech toys. Keith Shaw

Here’s a quick roundup of some cool in-car
accessories that I’ve enjoyed recently:

The scoop: Supertooth II Bluetooth Speakerphone,
by BlueAnt Wireless, about $130.

What it is: A very portable speakerphone, the Supertooth II
lets you talk hands-free wirelessly with any
Bluetooth-enabled cell phone. The Supertooth II includes a
noise-canceling microphone that pivots for the best positioning
and includes a digital sound processor, built-in rechargeable
lithium-ion battery (with up to 20 hours of talk time and up to 800 hours
standby) and adjustable volume control.

Why it’s cool: What makes this product shine is the magnetic clip
that can attach to a sun visor in the car. This lets you perfectly
position the device in the car for optimal sound quality and makes it
extremely portable — need to switch cars? Just detach the Supertooth
from the magnetic clip, detach the clip from the visor and you’re off to your
next location. It’s also nice to have a speakerphone feature for those times when
you have multiple people in the car, and you want them to hear and participate in
the phone call.

Some caveats: I couldn’t find any. Even the Bluetooth pairing process, normally a
nightmare, went smoothly as long as I read the directions — once I knew what
buttons to push, the Supertooth II paired with my Bluetooth phone quickly and easily.

Grade:  ★★★★★  (out  of  five) 

The  scoop:  RDS  FM  Transmitter/  Car  Charger  for  iPod,  by  Kensington,  about  $90. 

What it is: This iPod accessory lets you play music and podcasts stored on your iPod
(any model with a 30-pin dock connector, except the 3G iPods) via FM transmission
to your car FM radio. The gadget is powered by the cigarette adapter, which also
simultaneously recharges the iPod. The device includes three presets that let you pick
three FM frequencies in order to transmit over (the key is to pick a frequency where
there’s no signal to avoid any interference). The frequency is then shown on the
display of the iPod, letting you switch your car stereo to that frequency.

In addition, the device supports the Radio Data System, which transmits data over
the FM signal into the car radio. This lets the gadget display song title and artist
name on the car stereo.

Why it’s cool: The sound quality from the FM transmitter was
great — I didn’t receive any static or volume
issues that I’ve experienced with other iPod
FM transmitters. I liked having the ability to
charge the adapter while playing the
music; I’m paranoid about my iPod battery
life running out, so it’s cool to be able to
charge the device and listen to music at the
same time.

Some  caveats:  The  device  works  only  when 
connected  to  the  cigarette  adapter,  unlike  other 
FM  transmitters.  In  addition,  because  the  gadget  is  connected  via 
cable  to  the  iPod,  there’s  no  good  place  to  mount  the  iPod  while  it’s 
connected,  which  means  it  will  end  up  in  the  cup  holder. 

Grade:  ★  ★★★! 


The Supertooth speakerphone clips to your car’s sun visor.

Shaw can be reached at kshaw@nww.com.
Catch the Cool Tools Video Show every Thursday online at
www.networkworld.com, and be sure to download the Twisted
Pair Podcast every Friday!

With Kensington’s Car Charger, you can listen to your iPod over FM radio.

VON  spreads  wings, 
embraces  IP  video 

The Voice on the Network conference celebrated its
10th anniversary in Boston last week, with founder Jeff
Pulver noting that the first show attracted 224 attendees
while this one was expected to draw more than
10,000.

Instead of looking back at VoIP milestones, however,
Pulver used his opening keynote to highlight developments
in IP-based video, saying he believes it is the next big thing.
His hope is to see the show help cross-pollinate ideas
among the traditional VON crowd and newcomers pursuing
the development of Internet-based entertainment.

The new technology will be so disruptive that the entrenched
players will push for its regulation, Pulver said. But
he predicts opportunities will abound. “Who starts the
Vonage of TV?” he asked. “And if movies start to premiere on
the Internet, who’s going to sell the popcorn?”

To bolster Pulver’s point about the potential, the next
speaker was Ted Leonsis, vice chairman of AOL, who said
the company already has 45 channels on its video portal.
That lineup includes In2TV, which viewers can use to watch
old TV programs; in October the company plans to launch
something it calls Uncut Video for shorts a la YouTube.

Many  other  speakers  at  the  show  focused  on  IP-based 
video,  but  one  speaker  from  the  traditional  VoIP  crowd  was 
Jeffrey  Citron,  chairman  and  chief  strategist  at  Vonage.  He 
reveled  in  the  fact  that  in  the  four  years  since  the  company 
launched  its  VoIP  service,  everyone  has  been  predicting  the 
company’s  failure  —  while  on  Labor  Day  it  hit  the  2  million 
subscriber  mark. 

Regional  CATV  and  other  players  will  lead  in  the  local 
VoIP  market,  he  said,  but  Vonage  is  10  times  the  size  of  its 
nearest  national  competition. 

Start-up Truphone can only hope for such a meteoric rise.
The company was at VON to take the wraps off its VoIP service
for cell phone users.

Technical Director Alistair Campbell said the Session
Initiation Protocol-based service, which is still in beta, lets
users with dual-mode cell phones (Nokia, for now) route
calls over Wi-Fi links to the Internet. Once connected, calls
can be routed over the Internet and connected free to
other Wi-Fi-linked Truphone users, or connected at low cost
to other cell phones or traditional land lines.

A call from a cell phone to a landline in England, where
the company is based, costs 2.7 cents per minute, for example,
while a cell call to a cell phone user in England would
be 20 cents per minute. As a promotion, the company is
offering free calling to landlines until Dec. 31.

There is still opportunity for innovation, it would seem, in
the VoIP arena.

— John Dix
Editor in chief
jdix@nww.com


Invest  in  American  labor 

Regarding Linda Musthaler’s column “Recruiting
solution: invest in U.S. workers”
(www.nwdocfinder.com/5223): I agree completely. I constantly hear U.S.
technology CEOs say they can’t find qualified employees
in the United States. I believe this is to reinforce
their pleas to Congress to raise the H-1B quotas.
It’s easier to find highly educated employees in
India and other countries because the currency exchange
rates often work in the U.S. favor: $40,000 a
year goes a lot further in India than in the United
States. Why don’t we just extrapolate the equation
and hire foreign CEOs? That would cut millions from
the payroll.

Furthermore, if Red Hat is committed to hiring two-thirds
of its new employees from abroad, then why
should the U.S. government enforce Red Hat’s
intellectual-property rights? If a majority of its growth in
employees is from India, let Red Hat seek its copyright
protection from India.

Gary  Tsuchiyama 
Chicago 

In reading Linda Musthaler’s column on recruiting,
I was struck by the line in which she appeals to Bill
Gates to put his money where his mouth is and
develop the next generation of computer scientists.
I am with her on Red Hat’s lack of interest in local
investment, but I’ve always thought Gates (and by
extension, Microsoft) had foundations and grant
programs set up to distribute money and software to
the technology-needy. A quick search of Google
turned up a site (www.nwdocfinder.com/5224) with
a splash page saying, “Microsoft is committed to
building the pipeline of future computer scientists.”

From previous employment, I know firsthand that
Microsoft is one of the major providers of low-cost
software to charitable organizations. Other partners
include Adobe, Intuit and HP. Red Hat is not among
them. We also should be dismayed to find that Red
Hat does have a scholarship program — in India
(www.nwdocfinder.com/5225). Matthew Szulik
wasn’t complaining as much as he was explaining.

Mitch  Enright 
Network  administrator 
Orange  County  Employees  Association 
Santa  Ana,  Calif. 

Red Hat CEO Matthew Szulik says his biggest
problem is recruiting. He should have been honest
and said his biggest problem is recruiting U.S.
workers who will work for $10 per hour or whatever
IT workers get paid overseas. Szulik’s problem
is not a lack of talented U.S. labor; his problem is a
lack of talented U.S. labor he can exploit at
bargain-basement prices.

David  Wrisley 
Lincolnshire,  Ill. 

When I was growing up, it was commonplace for
companies to invest in their local communities to
develop the proper skill sets necessary to help company
and employees prosper. This was before the latest
version of greed that permeates corporate
America today. Instead of investing in the communities
in which they operate, companies find it less expensive
to develop talent overseas. They then use
the sorry excuse of a lack of skilled talent in this
country to meet their needs as the reason for outsourcing.
American dollars are destroying America.

Anthony  Davis 
Director,  production  operations 
NextAction 
Westminster,  Colo. 

E-mail letters to jdix@nww.com or send them to John Dix, editor in
chief, Network World, 118 Turnpike Road, Southborough, MA 01772.
Please include phone number and address for verification.

SOX WATCH
Michael  Kamens 


ABOVE  THE  CLOUD 
James  Kobielus 


Change  management  is  key  to  SOX  success 


While perusing a draft of “IT Control Objectives
for Sarbanes-Oxley, 2nd Edition”
(www.nwdocfinder.com/5178), I discovered
several profound statements in the section
on compliance and IT governance: “There is no
such thing as a risk-free environment, and compliance
with the Sarbanes-Oxley Act does not create
such an environment. . . . Good IT governance
over planning and life-cycle control objectives
should result in more accurate and timely financial
reporting.” This thinking lets today’s IT auditors
focus on the key controls posing the most
risk, rather than those on the fringe.

This tactic is having a major impact on management
— substantially reducing the cost of the
SOX audit by limiting testing to key controls —
and on soft costs — reducing the amount of time
IT groups spend compiling voluminous amounts
of evidence for auditors. More important, we are
seeing more knowledgeable internal SOX teams
working in an environment with external accountants
that’s friendlier, in part because all parties
have more experience working together.

This situation can save companies money but
only if their outsourced and in-house auditors
understand the intent of the IT control objectives.
Companies must address the controls accurately
and be diligent about staying within their
scope. Without strict adherence to the intent of
each control activity’s description, teams often
move in different directions. By the time a
description is reviewed and people realize what
happened, time has been wasted and the project
is delayed.

Change management poses one of the most difficult
challenges possible to IT staff, because
many companies don’t have formal policies or
procedures in place — a major requirement of
SOX. When asked how they manage changes,
most IT groups reply, “We know what needs to be
done, and everyone works as a team.” One of the
most frequent questions I get from IT groups is,
“When can I use an [IT change request] instead
of a very detailed change management policy?” A
proper answer is that an IT change request is used
for standard IT maintenance performed during
regularly scheduled maintenance. Usually
change requests do not have a substantial effect
on the company’s financial results.

A change-management policy is used for projects
that could have a major effect on a company’s
financials. In the policy the business process
owner should describe what action is planned,
the effect it will have, the benefits it will provide
and the resources it needs, as well as the timeframe
to complete it (including a back-out plan),
a plan for user acceptance, and any other particulars.
The policy is sent to all involved parties and
a detailed plan is laid out that must meet everyone’s
approval. When a project has a major effect
on financials and requires several groups to participate
to ensure a successful completion, the
risk level is high. The change management policy
must be followed, and the IT auditors will be testing
to see whether your organization adhered to
its written procedures.

Kamens has a law degree, is a certified information
security manager and is director of IT at
Accume Partners. He can be reached at
mkamens@accumepartners.com.


Real-time  needs  drive  data  retooling 


Business battles are fought in real time, and IS
must keep pace. Real-time business intelligence
infrastructures promise a never-ending
stream of fresh information, insight and
decision support to frontline knowledge workers.

Nevertheless, real-time business intelligence has
not graduated to enterprise primetime yet. Most
production business-intelligence implementations
rely on data warehouses, which consolidate
operational data loaded via scheduled batch
transmissions rather than real-time updates from
source databases. As a result, many organizations
have rich stores of historical data in their data
warehouses, but few contain information that is
refreshed continuously.

A traditional data warehouse operates in store-and-forward
mode, introducing latency into data
delivery to reports, dashboards and other business
intelligence applications. Most of today’s
data warehouses have been optimized for specific
latency-producing operations: extraction,
transformation and loading (ETL) of data from
operational database management systems
(DBMS); retention of that data in persistent repositories;
and retrieval of that stored data into reports,
graphical dashboards, multidimensional
online analytical processing cubes and other
business intelligence outputs.

It is possible to retool data warehouses to support
real-time business intelligence. Some data
warehousing vendors have begun to address these
requirements in their products. Doing so requires
that data warehouses — as enterprises’ master
data management hubs — be redesigned to serve
also as real-time, application-layer data routers (in
the broad sense of that term). For example, NCR
Teradata’s active data warehousing adds support
for near-real-time ETL and data delivery. Just as
important, the vendor has added the policy-driven
event detection, processing and notification features
needed to manage the flow of real-time
events between data sources and consumers, as
brokered through the data warehouse.

Though organizations are beginning to use
active data warehouses for real-time business intelligence,
no one is seriously considering deploying
them as general-purpose, application-layer
routers, because data warehouses usually
are deployed in hub-and-spoke configurations
and thus can become significant bottlenecks.
Some in the industry have proposed data warehouse
federation to alleviate the potential bottleneck,
but most federation scenarios are fundamentally
hub-and-spoke, relying on common
ETL tools, metadata repositories and data staging
areas.

Fortunately, other architectural approaches for
real-time business intelligence are being explored.
Some firms deploy an operational data
store, which is similar to a data warehouse but
contains only the most current consolidated data
fed in through ETL tools. Another popular
approach is enterprise information integration
(EII), which supports real-time, federated query
and update across distributed source DBMSs.

Unfortunately, there are no industry best practices
for real-time business-intelligence requirements.
Companies must sort through diverse
approaches and try to implement them to leverage
and extend their traditional, data-warehouse-based
business intelligence environments.

Going forward, the data-management industry
should define a clear set of real-time business-intelligence
implementation best practices based
on open industry standards, such as the various
eventing, metadata and other interoperability
specifications subsumed under the WS-* umbrella.
Vendors should converge all real-time business
intelligence approaches in a common
service-oriented architecture framework, so that customers
can deploy easily any mix of real-time,
near-real-time and lagged-time business intelligence
that suits their needs.

The stakes in all this are more than low-level protocol
plumbing. Real-time business intelligence
enables business agility through improved reporting,
analysis and response to changing events. It
also supports regulatory compliance. Section 409
of the Sarbanes-Oxley Act specifically mandates
that companies perform real-time disclosure of
material changes in their financial conditions “on
a rapid and current basis.”

How’s that for a market driver? From a technical
standpoint, how companies meet that real-time
reporting requirement is entirely up to them.

Kobielus is a principal analyst at Current
Analysis in Alexandria, Va. He can be reached at
(703) 340-8134 or jkobielus@currentanalysis.com.
For the past few years, IT managers have struggled to boost the performance
of applications across the wide-area network. This has meant applying a hodgepodge of
WAN optimization and application acceleration tools throughout the enterprise. Industry
experts say this band-aid approach is a no-win for companies looking to consolidate
resources and offer expanded data access to remote and mobile users. Instead, experts say,
success comes from optimizing your applications from the outset.


“Acceleration has to be considered from the
time applications are first rolled out,” says Joe
Skorupa, research vice president for enterprise
network services and infrastructure at Gartner.
He says, if done properly, application acceleration
addresses one of the most important problems
IT organizations face today: the reliable, dependable
delivery of new and existing applications
across LANs and WANs.

“Application acceleration tools enable server
and data center consolidation and deployment of
browser-based applications while lowering total
cost of ownership,” he says.

In fact, companies are counting on application
acceleration to allow them to achieve two goals:
increase the amount of applications available to a
widely distributed group of users, and centralize
IT resources to lower operational costs.

Gartner defines two categories of application
acceleration: application delivery controllers
(ADCs) and WAN optimization controllers
(WOCs). ADCs are used to improve the performance
of Web-based and related applications at
the network and application layers with techniques
such as server load balancing and Secure
Sockets Layer (SSL) offloading. They also deal with
real-time protocols through data compression,
traffic shaping, and quality of service. WOCs are
used to address the performance of enterprise
applications across the WAN. They focus on bandwidth,
latency, and protocol issues. This category
features tools that use bandwidth shaping, quality
of service, compression, and route control.

Car Talk

Auto parts maker finds just-in-time peace of mind with Packeteer solutions

Following the merger that created the company, Inergy Automotive
Systems embarked on a plan to converge all data, voice, and video traffic
onto a single network. The Paris-based, global supplier of customized fuel systems
to the automotive industry sought further efficiencies with a plan to
centralize hosting of key applications and to consolidate servers across operations
spanning 18 countries.

INERGY planners knew these moves would put unprecedented pressure
on the company’s global network, dubbed INNet, to deliver maximum uptime,
availability, and performance. Adding heaps of bandwidth to provide the necessary
quality of service (QoS) was out of the question due to the sheer
expense. Planners also considered using router-based QoS capabilities to
streamline traffic flow. That solution was also costly and would have required
disruptive upgrades while ultimately delivering suboptimal traffic management
capabilities.

Instead, the INERGY planners chose to deploy dedicated, state-of-the-art
QoS appliances, adding these traffic management “mini-brains” throughout the
network. This strategy would allow staff to intelligently analyze, classify, monitor,
and ultimately control all INNet traffic while delivering predictable
application service levels aligned with core business objectives. The
technology of choice was the PacketShaper from Packeteer Inc.
(www.packeteer.com).

INERGY’s planners identified Packeteer as providing “a complete set of
tools that allows automatic management of a diverse range of traffic types.”

The results for INERGY have been dramatic. INERGY estimates that the
return on investment per installation will be achieved by avoiding a single network
outage or loss of connectivity to an enterprise data center. Meanwhile,
INERGY chalked up performance gains that include a 300% increase in effective
bandwidth, a 50% increase in response to Web/HTTP service, a 75%
decrease in server delay across the network, and a 60% decrease in network
latency.

For more information on these and other exceptional network performance
solutions, visit www.packeteer.com.

Gartner predicts that today’s $1.8 billion application
acceleration market will grow to $3.7 billion
by 2008 — with a healthy compound annual
growth rate of 15.6% through 2010. At the heart
of this growth will be a trend away from single-function
boxes toward powerful platforms that
deliver four or more functions — such as connection
management and firewalling — to alleviate
performance problems, Skorupa says.

THE  CENTRALIZED  DATA  LOGJAM 

Consolidating resources is a top initiative for
most organizations. Federal and private sector
compliance mandates, including the Sarbanes-Oxley
Act, are forcing companies to pull data
back from branch offices and remote locations
into a central repository. At the same time, an
ever-increasing pool of mobile and remote workers
is generating more data.

These workers, often separated by long distances
from their servers, need rapid and real-time
access to mission-critical enterprise applications.
Yet most applications that they are trying to
employ were not designed to work over the long
haul. For instance, Microsoft’s Common Internet
File System (CIFS) protocol, which is used for file
sharing, is chatty and requires lots of back-and-forth
between servers to transfer documents.
Waiting tens of seconds, minutes, or even hours
for backups or file downloads is unacceptable for
today’s fast-paced organizations.

“The biggest problem here by far is latency.
The amount of time an application takes to traverse
the WAN is increasing,” says Robert
Whiteley, a senior analyst for enterprise networking
at Forrester Research. “Whether it’s
due to the distance, the ‘chattiness’ of a protocol
like CIFS, or the fact that folks are using
more real-time applications like voice over IP,
users can’t tolerate the 250-plus microseconds
of latency that’s not uncommon on the WAN.”


Skorupa agrees. “We’re asking the operating
system to do things it was never designed to do.
We went from one connection per user per file
server per day to doing several thousand per
hour. You can have 10 to 30 TCP connections per
page. Web servers are just rolling over and playing
dead,” he says. This can severely hinder productivity
and frustrate users. “To open a file with CIFS
can take a thousand round-trips. It’s a terribly bad
protocol design,” he says.

“The Internet is not designed for optimal performance,”
adds Tom Leighton, chief scientist and
co-founder of Akamai Technologies Inc. in
Cambridge, Mass. “Applications delivered over the
Internet can suffer from latency and packet loss
caused by congestion, outages, and problematic
peering relationships. Globalization, combined
with infrastructure consolidation trends, increases
the distance between the origin and end users,
which increases the impact of the Internet’s performance
problems on enterprises.”

In  addition  to  the  inherent  problems  of 
accessing  traditional  applications  over  the  WAN, 
such  as  those  from  SAP,  SQL,  and  Oracle, 
Whiteley  says  a  shift  in  the  types  of  applications 
users  want  to  access  is  putting  pressure  on 
application  performance.  “We’re  moving  from 
transaction-based  environments  to  interaction- 
based  environments  that  depend  on  real-time 
information  and  collaboration,”  he  says. 


He  points  to  the  rise  in  high-level  IT  efforts 
such  as  service-oriented  architectures,  RFID,  uni¬ 
fied  communications,  and  video  content,  all  of 
which  are  vying  for  priority  across  the  WAN. 
“These  are  all  pushing  the  need  for  optimization 
of WAN latency and throughput issues,” he says.

Mark  Urban,  director  of  product  marketing  at 
Packeteer  Inc.  in  Cupertino,  Calif.,  says  this 
blending  of  applications  across  the  wide  area  is 
a major challenge for IT. “The biggest problem is
the  diversity  of  the  environment  today. Ten 
years  ago,  you  might  have  had  mainframe  sys¬ 
tems,  thick  clients,  and  possibly  some  e-mail. 

Five  years  ago,  you  had  Web  and  Internet  tech¬ 
nologies,  but  they  were  still  pretty  basic.  Now 
you  have  productivity  applications  from 
Microsoft,  enterprise  applications  such  as  SAP 
and  Oracle,  dozens  of  recreational  applications, 
all  running  across  the  same  network  as  voice 
and  video,”  he  says. 

“The  struggle  from  the  network  side  is  to 
understand  the  totality  of  what’s  on  the  network 
and  how  to  manage  through  this  new  environ¬ 
ment,”  Urban  says. 

BAND-AID  SOLUTIONS 
ARE  NO  SOLUTION 

IT  managers  have  tried  to  solve  application  per¬ 
formance  issues  in  myriad  ways,  including  putting 
in  piecemeal  software,  hardware,  and  services  to 
address  one-off  problems. 

“They’ve tried doubling the amount of memory;
that doesn’t help. They’ve tried doubling the
amount of processors; that doesn’t help. They’ve
even  tried  doubling  servers,  but  that  leads  to 
expensive  licensing  and  the  need  for  more  net¬ 
work  administrators,”  Skorupa  says. 

More  recently,  they’ve  dipped  into  the  applica¬ 
tion  acceleration  tool  pool,  applying  best-of-breed 
gear  and  services  at  various  points  in  the  net¬ 
work  in  the  hopes  of  stumbling  upon  a  solution. 

But  this  approach  has  led  to  another  layer  of 
management  attached  to  each  application.  For 
instance,  enterprises  have  deployed  separate 
application  firewalls,  caching  services,  SSL  offload 
devices,  and  TCP  optimization  tools. 

This  can  create  a  catch-22  as  addressing  the 


[Chart: THE NEED FOR SPEED. Survey question: “Are you using any WAN
optimization or application performance solutions?” Response options:
“Yes, we use an in-house solution that is managed by our IT staff”;
“Yes, we purchase from a service provider”; “No, we do not use any WAN
optimization or application performance solutions.”
Source: IDC’s U.S. WAN Manager Survey, 2006.]
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Friendly’s  Improves  Performance  and  Reduces  Costs 
with  Stampede’s  Application  Acceleration  Series 


The  Friendly®  Ice  Cream  Corporation  had  been  experiencing  inconsis¬ 
tent  and  slow  response  times  for  remote  users  at  its  535  restaurants. 
This  poor  response  time  and  high  network  utilization  created  productivity 
and  end-user  satisfaction  issues. 

The  initial  thought  was  to  upgrade  the  satellite  network,  or  to  switch  from 
satellite  to  broadband — a  time-consuming  and  costly  task,  in  either  case. 

IMPROVED  PERFORMANCE  &  PRODUCTIVITY 

The  Stampede  Application  Acceleration  Series™  offered  a  solution  that  could 
reduce  bandwidth  utilization  over  the  satellite  network,  improve  perform¬ 
ance,  and  provide  a  more  consistent  user  experience — all  with  a  better  ROI. 

Improving  productivity  through  quicker  browser  response  times  and  high¬ 
er  quality  of  service  levels  for  users  in  the  restaurants  was  key,  especially  for 
access  to  the  mymicros.net  retail  portal  used  by  Friendly’s. 

REDUCE TASK TIMES BY 75%

Through  the  use  of  Stampede’s  solution,  Friendly’s  was  able  to  reduce  average 
task  time  by  75%,  and  total  transaction  time  by  over  50%. 


While  Friendly’s  is  still  considering  network  upgrades,  Peter  Palumbo,  the 
company’s  senior  IT  director,  had  this  to  say:  “The  Stampede  Application 
Acceleration  Series  will  improve  the  end-user  experience  as  we  further  eval¬ 
uate  our  networking  options.  Even  with  upgrades  to  our  network,  the  accel¬ 
eration  offered  by  Stampede  will  enhance  whatever  option  we  undertake.” 

Using  the  Stampede  Application  Acceleration  Series’  unique  combination  of 
hardware  and  software  to  provide  application  acceleration,  customers  can 
realize  unmatched  value  through  technologies  such  as  Cache  Differencing  and 
TurboStreaming™,  dramatically  improving  response  times,  network  utiliza¬ 
tion,  and  end-user  productivity. 


DON’T  LIMIT  YOUR  APPLICATION  PERFORMANCE 

PROVIDE  THE  BEST  PERFORMANCE  WHEN  IT’S  NEEDED  -  WHERE  IT’S  NEEDED 
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IMPROVE  PRODUCTIVITY  &  REDUCE  COSTS  WITH  ACCELERATION  ON-DEMAND™ 

Stampede’s  innovative  Acceleration  On-Demand™  automatically  injects  acceleration  into  your  applications,  delivering  the 
full  value  and  benefit  of  two-way  application  acceleration,  without  installing  hardware  or  software  in  your  remote  locations. 
Acceleration  On-Demand  allows  you  to  do  more  with  less,  saving  time  and  money.  For  over  13  years,  Stampede's  customers 
have  reduced  costs,  avoided  upgrades,  and  improved  end-user  productivity,  let  our  solutions  do  the  same  for  you. 

Contact  us  to  learn  more:  1.800.763.3423,  US  &  Canada  I  1.937.291.5035,  International  I  www.stampede.com 
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he  says  new  options  are  coming  into  the  market. 

Next,  he  says  to  create  a  short  list  of  solutions 
and  pilot  them.  “We’ve  found  that  most  of  our 
clients  look  to  get  three  to  five  vendors  into 
their labs for evaluation,” he says. But Whiteley
warns  that  labs  don’t  always  offer  the  best  envi¬ 
ronments  to  recreate  performance  issues. 

Instead,  you  should  deploy  your  top  options  in 
production  networks. “This  helps  validate  ven¬ 
dors’  gaudy  performance  claims  as  well  as 
assuage  common  reliability  and  scalability  con¬ 
cerns,”  he  says. 


needs  of  one  application  often  impedes  the  per¬ 
formance  of  others  in  the  network  and  doesn’t 
address  other  issues,  Urban  says.  “You  can  cause 
a  lot  of  different  problems  down  the  chain.  If  you 
jump  right  in  without  getting  a  clear  picture,  you 
can  miss  the  whole  point  of  application  accelera¬ 
tion,”  he  says. 

Gordon  Dorworth,  president  and  CEO  of 
Stampede  Technologies,  Inc.  in  Dayton,  Ohio,  says 
the  changing  demographics  and  increased  mobility 
of  the  workforce  create  problems  for  most  appli¬ 
cation  acceleration  approaches.  “As  essential  busi¬ 
ness  applications  are  deployed  to  mobile  users 
such  as  customer  service  representatives,  sales¬ 
people,  and  other  virtual  users  in  their  own  loca¬ 
tions  and  home  offices,  it’s  often  impossible,  usual¬ 
ly  impractical,  and  invariably  costly  to  put  hard¬ 
ware  in  all  of  those  far-flung  locations,”  he  says. 

He  uses  a  retail  chain  as  an  example. “Say  they 
want  to  provide  e-mail  access  to  each  store — it  is 
simply  not  practical  or  affordable  to  deploy  appli¬ 
cation  acceleration  hardware  devices  at  each  loca¬ 
tion  and  expect  nontechnical  store  personnel  to 
manage  an  in-store  server-based  system  or  even 
the  easiest-to-use  network  appliance,”  he  says. 

A  CLEAR  VIEW  OF  A 
CLOUDY  NETWORK 

To  gain  a  foothold  on  solving  application  per¬ 
formance  problems,  experts  say  you  must  first 
understand  the  issues  you’re  trying  to  address 
and  what  tools  match  these  issues. 

Urban  recommends  taking  a  step  back  and  get¬ 
ting  a  clear  picture  of  your  network  end-to-end. 
“As  applications  are  consolidated  back  to  the 
data  center,  we’ve  sometimes  seen  a  lot  of  appli¬ 
cation  performance  basics  fall  through  the  cracks. 
This  has  a  terrible  impact  on  the  user  base. 
Instead,  companies  should  assess  impact  to  the 
user  experience  before  making  significant 
changes,”  he  says. 

“You have to start with visibility. What are all
the applications running on your network? Which
are most important? What problems are they
encountering?” Urban says. Then you work to
match  the  tool  set  to  the  problems.  “Are  your 
iTunes  downloads  and  MS  patch  distributions 
interrupting  voice  calls?  Then  you  should  work  to 


contain  that  traffic.  Are  you  having  challenges 
with  file  access  over  the  WAN?  Then  you  need  to 
focus  on  latency  and  access.” 

Skorupa  says  it’s  critical  to  involve  all  stake¬ 
holders  in  the  applications  process  from  the 
beginning,  including  application  developers,  archi¬ 
tects,  security  architects,  network  administrators, 
and  systems  administrators.  He  says  executives 
should  mandate  that  everyone  be  held  responsi¬ 
ble  for  the  end-user  experience.  “It  should  be 
either  sink  together  or  swim  together.  Otherwise 
you’re  going  to  get  a  lot  of  finger-pointing  and 
the  system  will  break  down,”  he  says. 

According  to  Forrester’s  Whiteley,  the  more 
involvement,  the  easier  it  is  to  pinpoint  network 
bottlenecks. “Interview  architects,  operations 
managers,  the  help  desk,  and  end  users  to  deter¬ 
mine  if  the  issue  is  persistent  and  that  poor  app 
performance is actually causing pain,” he says. This
prevents  you  from  overspending  on  problems 
that  aren’t  mission-critical. 

Whiteley  also  recommends  that  IT  groups  look 
for  overlap  if  you’re  suffering  more  than  one 
issue.  Perhaps  one  tool  can  address  your  prob¬ 
lems  with  CIFS  and  caching.  Next,  he  says  to 
work  closely  with  your  vendor  to  make  sure  that 
your  road  map  matches  theirs  and  you’re  not  just 
buying  a  single-problem  solution  that  you’ll  even¬ 
tually  need  to  replace.  For  instance,  you  can  now 
get  application  acceleration  tools  combined  with 
advanced security technologies such as SSL VPNs,
firewalls, and intrusion prevention.

Another step, he advises, is to determine whether
you’ll build or buy. Until now, finding managed
solutions that handle all aspects of application
performance has been difficult, but


APPLYING  THE  RIGHT  TOOLS 

Once  you’ve  laid  out  your  application  and  net¬ 
work  problems  and  before  you  settle  on  a  ven¬ 
dor,  it’s  important  to  match  the  feature  sets  you 
need  with  the  issues  you’re  trying  to  solve. 

There  are  several  tiers  to  the  decision-making 
process  surrounding  application  acceleration. 

One  tier  involves  whether  to  apply  a  symmetric 
or  asymmetric  solution.  Asymmetric  solutions  are 
those  that  require  hardware  on  one  end  of  a 
connection,  while  symmetric  solutions  require 
gear  on  both  sides  of  the  connection. 

For  many  Web-based  applications,  asymmetric 
offerings  are  the  best  approach  to  accelerate 
applications  from  within  the  data  center. To  speed 
branch-office  and  remote-user  access,  experts 
recommend  the  symmetric  approach. 

Asymmetric  and  symmetric  approaches  are 
available  as  hardware,  software,  and  services.  You 
can  choose  to  implement  them  as  an  appliance,  a 
managed  service,  or  software  that  is  automatical¬ 
ly  injected  into  the  user’s  browser. 

Next,  decide  if  your  problem  is  best  solved  at 
the  data  center,  over  the  WAN  connection,  or  a 
combination  of  both. This  will  determine  if  you 
look  at  application  delivery  controllers  or  WAN 
optimization  controllers. 

Within  each  of  these  categories,  you’ll 
encounter  methods  for  optimizing  HTML 
sessions, TCP/IP  sessions,  SSL  tasks,  content  deliv- 


[Chart: GOTTA KICK THE BANDWIDTH HABIT. Survey question: “Over the next
12 months, what changes do you anticipate in total bandwidth for your
corporate WAN?” Response options: Increase; Stay the same; Decrease;
Don’t know.]
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The  Intelligent  Network  Solution 

NetEnforcer  from  Allot  provides  visibility,  control,  and  service  differentiation 


Gone  are  the  days  when  enterprise-class  users  or  service  providers 
could  simply  throw  more  bandwidth  at  the  challenge  of  service  opti¬ 
mization.  Instead,  a  fast-growing  number  of  companies  are  leveraging  the  intel¬ 
ligent  IP  service  optimization  solutions  of  Allot  Communications 
(www.allot.com). 

With  the  rigorous  deep  packet  inspection  technology  offered  by  its 
NetEnforcer  solution,  Allot  makes  differentiated  service  plans  and  differenti¬ 
ated  service-level  agreements  (SLAs)  possible  and  affordable.  Specifically, 
NetEnforcer  lets  users  and  service  providers  control  bandwidth  usage, 
enforce  service  guarantees,  and  set  traffic-forwarding  priorities  and  rate  lim¬ 
its  based  on  both  application  and  subscriber. 

Consider  how  Allot  helped  Louisiana  State  University  in  Baton  Rouge  in 
ways  even  the  university  didn’t  anticipate.  Five  years  ago,  LSU  used 
NetEnforcer  to  identify  high-bandwidth  applications  that  were  slowing  the 
entire  network.  With  NetEnforcer,  LSU  was  able  to  eliminate  formerly  out-of¬ 
control  demand  for  network  resources  and  allocate  resources  based  on  user 
group  privileges. 

But after Hurricane Katrina struck last year, LSU was summoned to house
support personnel for civilian workers and the U.S. Army. Literally
within minutes, LSU was able to provide a guaranteed network pipe for
these communications workers off-campus, using NetEnforcer capabilities
to ensure that the work of the university and of relief workers
proceeded without interfering with one another.

And  at  Loral  Skynet,  a  global  communications  provider,  NetEnforcer  has 
been  pressed  into  service  to  help  Loral’s  clients  safeguard  critical  information 
as  well  as  network  performance.  With  NetEnforcer,  Loral  Skynet  has  been 
able  to  shape  traffic  so  that  customers  who  may  be  hit  with  an  outage  can 
immediately  access  the  level  of  bandwidth  they  require  by  linking  to  Loral 
Skynet’s  satellite  or  high-speed  terrestrial  fiber  network.  NetEnforcer  gives 
Loral  Skynet  optimal  visibility  into  customer  networks  to  inspect,  identify,  and 
analyze  hundreds  of  applications  and  protocols  and  to  track  client  behavior. 

For  more  information,  visit  www.allot.com. 


Turn  your  Network  into  an  Intelligent  Network 
with  Broadband  Traffic  Management 


Transform  broadband  pipes  into  smart  networks  by 
using  deep  packet  inspection  and  dynamic  traffic 
control.  Allot  helps  you  manage  applications  and 
services,  guarantee  a  quality 
customer  experience,  and 
contain  costs. 


•  Gain  total  traffic  visibility 

•  Get  dynamic  control  of  subscriber  services 

•  Provide  more  broadband  services 

•  Maximize  revenue 


Contact Allot today:

>wb@aUot.com  www.allot.com/bwb  Tel:  (877)  255-6826 
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STEADY  GROWTH  IN 
A  KEY  MARKET 

[Chart: Worldwide WAN Optimization Revenue, 2004-2009; revenue in $m]
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ery,  and  more.  Here  are  some  of  the  techniques 

you  can  apply: 

■  Caching  ensures  faster  delivery  of  content 
across  the  wide  area  by  placing  frequently 
requested  information  close  to  the  user.  For 
instance,  objects  in  a  Web  page  can  be  cached 
so  that  the  time  it  takes  to  retrieve  and  build  a 
page  is  significantly  decreased. 

■  Compression  allows  the  size  of  data  to  be 
reduced  to  shorten  transmission  times. 
Compression  algorithms  ensure  that  data  is 
compressed  at  one  end  of  a  link  and  decom¬ 
pressed  at  its  destination. 

■  Load  balancing  helps  ease  overloaded  servers 
by  intercepting  application  requests  and  for¬ 
warding  them  to  less-burdened  devices. That 
way  a  single  server  does  not  become  a  bottle¬ 
neck. 

■  Offload  devices  allow  the  server  load  to  be 
lessened  by  taking  specific  tasks  and  sending 
them  to  specialized  devices.  For  instance,  SSL 
sessions  can  be  offloaded  to  a  box  that  is  opti¬ 
mized  to  deal  with  its  requirements. 

■ Protocol optimization techniques are used to
manage the handoff between inefficient protocols
such as CIFS or TCP. These protocols are
known for their intensive back-and-forth chattiness,
and TCP and CIFS optimization help
lessen the demands of each session.

■  Route  optimization  and  quality  of  serv¬ 
ice  address  traffic  priority  requirements 
as  well  as  issues  surrounding  WAN 
congestion.  If  you’re  trying  to  guarantee 
delivery  of  voice  calls,  you  need  to  con¬ 
sider  techniques  that  will  prioritize  traf¬ 
fic  as  well  as  find  the  best  route 
through  the  network. 

MARKET
CONSOLIDATION

Once  you’ve  mastered  these  terms  and 
settled  on  a  strategy  for  improving  your 
application  performance,  you  have  to  take 
a  good  look  at  the  market  itself,  according 
to Whiteley and Skorupa.

“This  space  is  under  heavy  consolidation,” 
Whiteley  warns.  He  notes  that  vendors  have 
been  acquisition-happy,  drawing  in  companies  that 
add  to  their  portfolios.  “Why  so  much  activity? 
Because  suppliers  of  acceleration  technology  are 
aggressively  adding  features  to  collapse  previously 
discrete  markets  and  to  provide  one-stop-shop 
solutions,”  he  says. 

At  the  same  time,  Skorupa  says  there  has  been 
an  influx  of  venture  capital  for  start-ups  so  that 
new  approaches  can  be  put  into  the  marketplace. 


Another  key  change  is  the  acceptance  by  big 
application  vendors  such  as  Microsoft,  Oracle,  and 
SAP  that  application  acceleration  has  to  be  an 
integral  part  of  enterprise  application  rollouts. 

Skorupa  says  having  them  onboard  is  proof 
positive  that  the  only  way  to  succeed  at  boosting 
application  performance  is  to  have  a  proactive 
game  plan. 


Sandra  Gittlen  is  a  freelance  technology  writer  in 
Northboro, Mass.
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Meeting  and  Beating  the  Challenge  of  Latency 


WHAT  ARE  THE  KEY  CHALLENGES  OF 
OPTIMIZING  WEB-BASED  APPLICATIONS? 

Enterprises  today  are  using  the  Internet  to  transport 
business-critical  traffic  to  an  ever-expanding  global  base 
of  users.  Businesses  have  learned  that  latency  and  avail¬ 
ability  issues  associated  with  the  Internet  itself  can  be  a 
bottleneck  for  obtaining  good  application  performance, 
especially  for  long-distance  traffic.  Companies  are  also  at 
the  mercy  of  TCP/IP,  an  inefficient  and  chatty  protocol 
highly  sensitive  to  latency. 

WHAT  CAN  BE  DONE  ABOUT  LATENCY? 

While  application  acceleration  techniques  such  as  TCP 
optimization  improve  the  number  of  trips  required 
across  the  Internet,  they  do  not  address  the  underly¬ 
ing  latency  and  packet  loss  on  the  Internet  itself. 
Techniques  such  as  route  optimization  can  be 
employed  to  steer  around  Internet  bottlenecks  and 
optimize  latency.  It’s  important  to  architect  a  solution 
that  accounts  for  data  once  it  leaves  the  data  center 
and  enters  the  Internet  “cloud,”  especially  for  global 
users. 


Neil Cohen runs product marketing for Application Performance
Services at Akamai Technologies Inc. (www.akamai.com)


Q:  HOW  IMPORTANT  IS  IT  TO  OPTIMIZE 
THE  INTERNET  CLOUD? 

A:  It’s  mission-critical.  Globalization,  server  consolidation, 
and  chatty  Web  2.0  protocols  such  as  AJAX  either 
increase  the  distance  or  the  number  of  passes  across 
the  cloud,  producing  the  packet  loss  and  latency  that 
render  applications  unusable. 

Q:  WHAT  DOES  AKAMAI  OFFER  TO 
HELP  OUT  HERE? 

A:  Akamai  employs  typical  application  acceleration  tech¬ 
niques  like  TCP  optimization  and  compression,  but  we 
also  optimize  the  cloud  by  employing  techniques  like 
route  optimization,  dynamic  mapping,  caching,  and 
prefetching. With  Akamai,  caching  and  prefetching  are  per¬ 
formed  as  close  as  possible  to  the  end  user  as  opposed 
to  within  the  data  center.  Plus,  Akamai  provides  this  as  a 
convenient,  managed  service. This  means  users  get  all  the 
benefits  of  application  acceleration  and  our  unique 
Internet  cloud  optimization  without  any  infrastructure 
build-out,  meaning  there  is  no  need  to  build,  maintain, 
upgrade,  or  configure  hardware. 
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Accelerated  Web  Applications 
Now  Standard  at  Audi 


While you were out spinning your wheels trying to support Web-based applications as
fast as you could develop them, the team at Audi improved application performance delivery with Akamai.
Much to the delight of its worldwide dealer network, Audi reduced page load times by 90%
and offloaded 80% of its total Web traffic.

Audi  trusts  Akamai's  globally-distributed  network  and  application  performance  services 
to  accelerate  its  dynamic  Web  applications  without  increasing  infrastructure  costs. 


Application  Acceleration  Technology 


Convenient  Managed  Service  Approach 


Secure,  High-performance  Delivery 


Reduced  Total  Cost  of  Ownership 


“Audi views Akamai as a scalable extension to the infrastructure of our internal
Web center and offers us a quality of Web performance which we would not
be able to achieve by our own means.” — Marcel Aslund, AUDI AG


Let Akamai get your Web applications on the fast track to peak performance and see how much
you can boost your bottom line. Visit www.akamai.com/audi and download the IDC whitepaper
“Determining the Return on Investment of Web Application Acceleration Managed Services,”
or call 1.877.425.2624.
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Tip  #67  By  Netcordia' 

Best  Practices  Tech  Tips,  brought  to  you  by  Netcordia. 

Network  Analysis  Tip  #  67  -  Switch  Port  Duplex  Mismatch 


Switch Port Duplex Mismatch [77]


Severity:  Error 
Correctness  Penalty:  -2 
Stability  Penalty:  0 


Component:  interfaces 
Generated:  2005-01-05  00:28:11.0 
Modified:  2005-01-05  00:28:11.0 

The following switch interfaces had an error rate greater than 0.01% of the total number
of  packets  sent  or  received,  which  may  indicate  that  the  duplex  setting  for  the  interface 
does  not  match  the  other  side  of  the  link: 

Rows 1-20 of 77

| # | IP Address | Device Name | Interface | Total Packets In | Total Packets Out | % Errors In | % Errors Out |
|---|------------|-------------|-----------|------------------|-------------------|-------------|--------------|
| 1 | 10.18.8.41 | tl 2-4th-3548-2 | Fa0/23 - FastEthernet0/23 | 96,658 | 225,396 | 35.06 | 0 |
| 2 | 10.1.8.4 | tr3-c-6509-1 | 2/1 - 10/100 utp ethernet (cat 3/5) | 4,464,732 | 4,641,789 | 34.46 | 0 |
| 3 | 10.18.8.20 | tl 2-2nd-3548- 1 | Fa0/23 - 2122B | 22,457 | 104,124 | 14.42 | 0 |
| 4 | 10.178.121 | b2-2s-3548-2 | Fa0/5 - FastEthernet0/5 | 10,697 | 65,044 | 8.42 | 0 |
| 5 | 10.17.8.161 | b2-6s-3548-1 | Fa0/2 - FastEthernet0/2 | 14,894 | 244,265 | 7.42 | 0 |
| 6 | 10.1.8.217 | dlsl-ed-4503-1 | Gi1/1 - Uplink to tr3-c-6509-1 | 660,897 | 227,397 | 7.23 | 0 |

Why is this important? Switch port duplex
mismatch problems are a real pain!

They occur when the switch port and the attached
computer are not both configured with the same
duplex setting, or are not both set to auto-negotiate
it. Regardless of the setting, the connection
seems to work fine at low traffic levels,
particularly for ping packets. But as the traffic
level grows, the errors increase, affecting network
throughput. Unless you monitor the errors
on every switch port, you may not be aware of
the problem. Errors will accumulate on each
end of the misconfigured link. The half-duplex
end will see late collisions, alignment errors,
and FCS errors. The full-duplex end will see
FCS errors.

Duplex mismatch is typically
caused by configuration errors.

If one end of the connection is configured for
full duplex and the other end is configured for
auto-negotiation, the system configured for full
duplex will not participate in the negotiation.
The negotiation fails, and the standard requires
that the system configured for auto-negotiation
use half duplex. So now we have one end
configured for full duplex and the other end
auto-negotiated to half duplex. Duplex mismatch
can also occur when a NIC driver doesn’t
remember its settings when the system is
rebooted, or when the NIC was not properly
configured after a defective NIC was replaced.
We’ve seen networks in which the number of
duplex mismatches grew from 10 to over 70
ports over a two-month period, simply due to
changes in the devices connecting into the
network. Finally, there’s the case where the
configurations are inconsistently set on both ends
of the link, such as would happen when a server
that’s configured for full duplex is plugged into a
switch port that’s configured for half duplex.

The major source of errors is that the half-duplex
system will be sensing collisions and the
full-duplex system will not. That’s why the errors
are proportional to traffic volume. Pinging across
such a link will work fine, because there is little
traffic. However, as the traffic load builds, more
and more collisions occur.

Manual determination: Periodically verify the
server network connections to make sure that
either both sides use the same fixed speed and
duplex settings or both are set to auto-negotiate.
Checking for errors on the switch port is a
simple check that is easier than trying
to collect and verify the duplex settings on both
ends of a link. For example, in the Cisco IOS, the
command ‘show interface fa0/1’ would display
the duplex and speed setting and the number of
input and output errors. Manually checking more
than a few switch ports is very boring, and so it
isn’t performed as often as it should be. Note that
errors may also be caused by bad cabling, so
even if the duplex settings are correct, identifying
switch ports with high error percentages is an
important periodic task.

Automatic determination: An automated tool,
such as Netcordia's NetMRI appliance, identifies
100Mbps switch ports reporting more than 0.01%
errors on either input or output. At an average
packet size of 100 to 1500 bytes, this is
equivalent to a bit error rate (BER) of roughly
10E-7 to 10E-8. A good LAN interface should
have a BER of less than 10E-10, or one bit out
of every 10 billion bits. On a 100Mbps link,
that's one error for every 100 or more seconds
of full-speed operation. The switch ports are
sorted by the percentage of errors. Any switch
port handling more than 100,000 packets per
day should be investigated. In the figure above,
the interface in row 2 is handling 4.4 million
packets, of which 34% are in error. This volume,
along with the balanced packet count for input
and output, indicates that the system connected
to this port is likely to be a server. At these error
rates, the applications on this server will have
very poor performance. ■
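The automatic check described above, as an added example in Python (not Netcordia's NetMRI code and not from the original tip): it parses interface counters, applies the 0.01% threshold and the 100,000-packet cut-off, ranks ports by error percentage, and labels which end of a mismatch the counters resemble. The sample text is constructed in the layout of Cisco IOS `show interfaces` output; the function names, the assumption that counters span one day, and the one-bad-bit-per-errored-packet BER conversion are assumptions of this example.

```python
import re

ERROR_THRESHOLD_PCT = 0.01   # the tip's threshold: errors > 0.01% of packets
BUSY_PORT_PACKETS = 100_000  # the tip's volume cut-off (assumes counters span one day)

# Constructed sample, laid out like Cisco IOS "show interfaces" output.
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up
  Full-duplex, 100Mb/s
     250000 packets input, 200000000 bytes, 0 no buffer
     20000 input errors, 20000 CRC, 0 frame, 0 overrun, 0 ignored
     240000 packets output, 190000000 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/2 is up, line protocol is up
  Half-duplex, 100Mb/s
     180000 packets input, 90000000 bytes, 0 no buffer
     900 input errors, 600 CRC, 300 frame, 0 overrun, 0 ignored
     150000 packets output, 75000000 bytes, 0 underruns
     4500 output errors, 5200 collisions, 2 interface resets
     0 babbles, 4500 late collision, 120 deferred
FastEthernet0/3 is up, line protocol is up
  Full-duplex, 100Mb/s
     500000 packets input, 400000000 bytes, 0 no buffer
     10 input errors, 10 CRC, 0 frame, 0 overrun, 0 ignored
     400000 packets output, 320000000 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/4 is up, line protocol is up
  Full-duplex, 100Mb/s
     2000 packets input, 1600000 bytes, 0 no buffer
     40 input errors, 40 CRC, 0 frame, 0 overrun, 0 ignored
     1500 packets output, 1200000 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

FIELDS = {
    "duplex": r"(Full|Half|Auto)-duplex",
    "pkts_in": r"(\d+) packets input",
    "bytes_in": r"packets input, (\d+) bytes",
    "errs_in": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "pkts_out": r"(\d+) packets output",
    "errs_out": r"(\d+) output errors",
    "late_coll": r"(\d+) late collision",
}

def parse_ports(text):
    """Split the output into per-interface blocks and pull out the counters."""
    ports = []
    for block in re.split(r"\n(?=\S)", text.strip()):  # new block at each unindented line
        port = {"port": block.split()[0]}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, block)
            if key == "duplex":
                port[key] = m.group(1).lower() if m else "unknown"
            else:
                port[key] = int(m.group(1)) if m else 0
        ports.append(port)
    return ports

def error_pct(errors, packets):
    return 100.0 * errors / packets if packets else 0.0

def approx_ber(pct, avg_packet_bytes):
    """Packet error percentage -> approximate bit error rate,
    assuming one bad bit per errored packet."""
    return (pct / 100.0) / (avg_packet_bytes * 8)

def likely_side(port):
    # Per the tip: the half-duplex end logs late collisions; the full-duplex end only FCS errors.
    if port["late_coll"] > 0:
        return "half-duplex end of a mismatch (late collisions)"
    if port["crc"] > 0:
        return "full-duplex end of a mismatch, or bad cabling (FCS/CRC only)"
    return "errors without a duplex signature"

def report(text):
    """Ports over the error threshold on input or output, worst first."""
    rows = []
    for p in parse_ports(text):
        pct_in = error_pct(p["errs_in"], p["pkts_in"])
        pct_out = error_pct(p["errs_out"], p["pkts_out"])
        worst = max(pct_in, pct_out)
        if worst <= ERROR_THRESHOLD_PCT:
            continue
        avg = p["bytes_in"] / p["pkts_in"] if p["pkts_in"] else 0
        rows.append({"port": p["port"], "duplex": p["duplex"], "worst_pct": worst,
                     "ber_in": approx_ber(pct_in, avg) if avg else None,
                     "busy": p["pkts_in"] + p["pkts_out"] > BUSY_PORT_PACKETS,
                     "side": likely_side(p)})
    return sorted(rows, key=lambda r: r["worst_pct"], reverse=True)

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

A port that reports only FCS/CRC errors is labelled ambiguously on purpose: the same counters appear on the full-duplex end of a mismatch and on a link with bad cabling, so the duplex settings on both ends still need to be compared.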


Terry Slattery, CCIE #1026, is Netcordia’s
founder and CTO.

Terry co-authored “Advanced IP Routing
in Cisco Networks”, has several software
patents, and a prior company he founded
trained over 35,000 network engineers.


Netcordia’s products analyze, operate and optimize networks - easily.

Our  NetMRI  appliance  has  industry  Best  Practices,  like  the  Tech  Tip  here, 
built  in,  with  automatic  discovery  and  operation 


To  learn  more,  or  get  more  Best  Practices  Tech  Tips, 
see  http://www.netcordia.com/nw67 


Sponsored  by 


Copyright  2006,  Netcordia,  Inc 


Netcordia 


Makers  of  the  NetMRI  appliance 
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Zero-latency  approach  gives  FaceTime  edge 


BY  BARRY  NANCE,  NETWORK  WORLD  LAB  ALLIANCE 

Ridding a desktop or server of malware is like trying to kill kudzu, an out-of-control
vine in the South that can grow 12 inches a day. Rootkit-based spyware
is especially tenacious. Using Task Manager doesn’t help, because the
spyware  process  inserts  Registry  entries  that  cause  the  spyware  to  restart 
automatically.  Using  the  Registry  Edit  tool  to  remove  autorestart  insertions 
doesn’t  work,  because  the  instance  quickly  reinserts  the  autorestart  Registry 
entries  before  you  can  use  Task  Manager  to  end  the  process. 


An  Internet  gateway  that  prevents  malware  from  reaching 
clients  and  servers  is  a  much  better  approach  than 
installing antispyware tools on each device. To find the best
gateway-based  system  (either  software  or  appliance),  we 
invited  several  vendors  to  our  lab  for  testing.  We  received 
FaceTime  Enterprise  Edition  (RTG  500  device,  IM  Auditor 
software  and  Greynet  Enterprise  Manager),  eSoft’s 
ThreatWall  200  appliance  and  Gateway  Anti-Spyware 
SoftPak,  Barracuda  Networks’  Barracuda  Web  Filter  310, 
Aladdin  Knowledge  Systems’ eSafe  Gateway/Web/Mail  V5.2 
appliance  and  Web  Security  Pack, Trend  Micro’s  InterScan 
Web  Security  Appliance  2500  and  CP  Secure’s  Content 
Security  Gateway  1500  V2.0  with  WebSense’s  Web  Security 
Suite  V6.2  (combination  offering).  We  also  downloaded 
Secure  Computing’s  Web  Washer  Anti-Virus  5.3  and  Secure 
Anti-Malware  product.  Three  vendors  (Sophos,  Bluecoat 
and  IronPort)  were  developing  new  product  versions  dur¬ 
ing  our  test  cycle,  and  McAfee  said  it  is  retooling  its  anti¬ 
malware  appliances. 

All products tested fared well, with FaceTime Enterprise Edition edging out a strong field (three products tied for second with 4.1 scores). FaceTime earns a Clear Choice Award for its zero latency and easy-to-use central console for managing multiple appliances. The table below summarizes the success rates and performance results for each product (see How we did it, page 54). See related story on new approaches to malware at www.nwdocfinder.com/5226.

FaceTime's RT Guardian appliance edged out other antimalware gateways with an innovative TCP Reset feature to create zero latency.

Antimalware gateway latency and accuracy


| Product | Latency (nonexecutable) | Latency (executable) | Accuracy* |
|---|---|---|---|
| FaceTime Enterprise Edition | 0 ms | 0 ms | 98.5% (69/70) |
| CSGateway 1500 (CP Secure) | 15 ms | 45 ms to 80 ms | 98.5% (69/70) |
| InterScan WS 2500 (Trend) | 16 ms to 25 ms | 150 ms to 190 ms | 97.1% (68/70) |
| eSafe Gateway (Aladdin) | 18 ms | 70 ms to 150 ms | 97.1% (68/70) |
| ThreatWall 200 (eSoft) | 18 ms to 25 ms | 110 ms to 190 ms | 95.7% (67/70) |
| WebWasher AV/AM (Secure) | 20 ms to 24 ms | 170 ms to 250 ms | 95.7% (67/70) |
| Barracuda Web Filter 310 | 20 ms to 27 ms | 180 ms to 230 ms | 95.7% (67/70) |

* Accuracy defined at time of testing. Because there are no standards for naming spyware instances, we are not naming the instances that got through. A vendor may know our instances as a different name; in addition, there are many variations of spyware instances and a vendor product may or may not handle the specific version of the malware instance we tested with.


FaceTime  Enterprise  Edition 

This system includes an RTGuardian (RTG) appliance, Greynet Enterprise Manager software and IM Auditor software. Impressively, the RTG 500 caused zero latency as it inspected inbound and outbound Internet traffic for malware and malware references. When it detected unmanaged instant messaging and peer-to-peer protocols (such as Skype) or malware coming over IM or peer-to-peer, the RTG 500 prevented the unwanted computer programs from entering our network by spoofing the source and destination machine addresses to send each session partner a TCP Reset packet. The TCP Reset instructs both sender and receiver to cease the current transfer of data.

FaceTime’s use of the TCP Reset packet is extremely clever. The RTG appliance was never a bottleneck, because it doesn’t sit inline between the Internet connection and the network. The appliance merely listens to the conversation flow and, when it detects malware, commands the client and the spyware host to halt. In other words, the appliance never has to act as a relay station. While some upstream routers may be programmed to discard the TCP Reset on its way back to the spyware host, you can reconfigure the upstream routers. Most important, the client gets the message to stop requesting the spyware packets.


Still no definition of ‘malware’

A lack of consistency in the way vendors define and recognize malware makes it impossible to enumerate the number of instances that each product recognizes. One vendor might inflate its count by including several kinds of browser cookies, while another might inflate its count by treating slight variations in a malware instance as multiple instances. A vendor that says it recognizes 5,000 distinct malware instances might actually thwart more malware than a vendor that touts a count of 50,000. We're happy to report that the vendors in this test are among the most honest in their counting methodologies.

Few vendors have fully embraced the proposed standards at www.antispywarecoalition.org. To compound the problem, each vendor typically uses a different name to refer to the same spyware instance.

Even the tools that vendors use to thwart malware often have little relationship to the number of malware instances they handle. One vendor might recognize a particular malware instance via a file-specific signature, while another blocks the same instance by recognizing the exploit that it uses. Yet another handles that same malware instance via disallowing access to certain IP addresses or URLs.

The antimalware industry clearly needs a standard definition of malware and a standard method of expressing how many instances a vendor recognizes.

— BARRY NANCE


The RTG 500 thwarted 69 of 70 malware instances with which we attacked our network. The device dealt comprehensively with Web-, Skype- and IM-borne unwanted programs. The 1U device connects to a span port on a switch or any hub port. FaceTime typically distributes malware definition updates twice a week but sends them more when it identifies critical threats.

For each event, the device collects date, time, spyware ID (its name), category (spyware or adware), type of attack (infection, phone home), threat rating, source IP address and number of attempts made. SNMP support for network-management system integration is planned, FaceTime says.

The Greynet Enterprise Manager (GEM) component is a central console that consolidates, in one place, the administration of several remote RTG units. A handy feature of GEM is that it can detect and clean infected desktops without the use of an agent. The IM Auditor component helps the RTG 500 thwart and report on malware carried by IM protocols.

Aladdin eSafe Gateway/Web/Mail

Aladdin’s environment consists of the eSafe appliance plus Spyware Neutralizer, an agentless central console for automatically removing spyware from infected clients. The eSafe appliance stopped 68 out of 70 malware instances. The eSafe device uses a combination of signatures, heuristics, behavior blocking, exploit recognition and blacklisting to keep spyware off the network. The blacklists identify Object-IDs of known malicious ActiveX objects, as well as malicious URLs and IP addresses. By recognizing their protocols, eSafe blocked all phone-home attempts in our tests.

The eSafe system worked with alacrity. It introduced an average latency of 18 msec for Internet traffic containing nonexecutable files. For executables (including spyware) of various sizes, eSafe took 70 msec to 150 msec to perform its analysis.

For each malware detection, the device records date, time, source IP address, protocol ID, type of violation and the name of the spyware instance or exploit. The system can integrate with network-management systems via SNMP and syslog.

The standard eSafe appliance is a 1U device, and Aladdin offers several sizes, up to a fully populated IBM BladeCenter that Aladdin says can handle 42,000 HTTP connections per second. Spyware-definition updates are typically distributed every few days, but high threat levels can prompt Aladdin to send updates several times a day. The appliance checks for updates every few hours, and users can configure this interval. The appliance includes antivirus and antispam protections, which were not tested.

Barracuda  Web  Filter  310 

The 1U Web Filter 310 device stopped 67 of our 70 malware instances. The Barracuda appliance identifies spyware by file signature, as well as URL and IP address connection attempts. The device automatically updates its definitions at a configurable hourly or daily rate, with hourly checks recommended.

Traffic other than executable files passed through the appliance with a latency range from 20 msec to 27 msec for each packet. The device analyzed executable files for spyware with a latency from 180 msec to 230 msec. Barracuda suggests using the Web Filter 310 to handle about 300 connections per second for best performance. If it detects a phone-home attempt, the system automatically invokes the Barracuda Spyware Removal Tool, an ActiveX program sent to the client to kill the running spyware process and clean up the client’s hard disk.

The Web Filter 310 records the malware’s signature, its URL or IP address source, and the date and time of the client’s near-exposure to the malware. The system integrates with network-management systems via SNMP. We didn’t test Barracuda’s IM Firewall, which the vendor says protects IM clients from IM-borne malware.


The  CP  Secure  2U  gateway  appliance  uses  WebSense's  Web 
Security  software.  It  stopped  69  out  of  70  malware  instances. 


Content  Security  Gateway  1500  with  Web  Security  Suite 

The  combination  of  CP  Secure’s  2U  gateway  appliance 
and  WebSense’s  Web  Security  Suite  derailed  69  of  the  70 



NetResults

| Product | Vendor | Price | Pros | Cons | Score |
|---|---|---|---|---|---|
| FaceTime Enterprise Edition | FaceTime Communications, www.facetime.com | Starts at $7,000. | Zero latency, good spyware recognition. | No SNMP support. | 4.55 |
| eSafe Gateway/Web/Mail V5.2 appliance with Web Security Pack | Aladdin Knowledge Systems, www.esafe.com | $3,170 for 100 users; including first year updates. | Low latency; SNMP support. | Documentation needs a little more explanatory text. | 4.1 |
| ThreatWall 200 appliance with Gateway Anti-Spyware SoftPak | eSoft, www.esoft.com | $1,600 plus $699 for the Anti-Spyware SoftPak. | Low latency; SNMP support. | Doesn't use ActiveX Object IDs in its recognition of spyware. | 4.1 |
| InterScan Web Security Appliance 2500 | Trend Micro, www.trendmicro.com | For 1,000 users, $20,000 (appliance) plus $5,600 (Damage Cleanup Services software). | Low latency; SNMP support. | Doesn't use ActiveX Object IDs in its recognition of spyware. | 4.1 |
| Content Security Gateway 1500 V2.0 plus Websense Web Security Suite V6.2 | CP Secure, www.cpsecure.com | $24,000 plus $30.75 per user per year for the Web Security Suite. | Low latency; accurate spyware recognition. | No SNMP support. | 4.0 |
| WebWasher Anti-Virus 5.3 and Secure Anti-Malware | Secure Computing, www.securecomputing.com | For 1,000 users, $17 per user per year. | SNMP support. | Less accurate in its spyware recognition than others tested. | 3.6 |
| Barracuda Web Filter 310 | Barracuda Networks, www.barracudanetworks.com | $2,700 plus $699 per year for updates. | SNMP support. | Doesn't use ActiveX Object IDs in its recognition of spyware; higher latency. | 3.55 |

The Breakdown

| Category (weight) | FaceTime | Aladdin | eSoft | Trend Micro | CP Secure | Secure Computing | Barracuda |
|---|---|---|---|---|---|---|---|
| Identification/blocking 40% | 5 | 4 | 4 | 4 | 4 | 3 | 3 |
| Extra features* 15% | 4 | 4 | 4 | 4 | 4 | 4 | 4 |
| Performance 15% | 5 | 4 | 4 | 4 | 4 | 4 | 3 |
| Reports, SNMP alerts 10% | 3 | 4 | 4 | 4 | 3 | 4 | 4 |
| Ease of use/deployment 10% | 5 | 5 | 5 | 5 | 5 | 4 | 5 |
| Documentation 10% | 4 | 4 | 4 | 4 | 4 | 4 | 4 |
| Total score | 4.55 | 4.1 | 4.1 | 4.1 | 4.0 | 3.6 | 3.55 |

Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Subpar or not available

* Includes stopping phone-home attempts, definition update frequency.



test malware instances. The device introduced a latency of 15 msec for Web traffic with nonexecutable files, and its inspection of executable files was remarkably quick, ranging from 45 msec to 80 msec. The CSG 1500 looked for spyware-definition updates hourly and this can be increased to every 15 minutes or slowed down to once a day or once a week.

The Content Security Gateway (CSG) device integrates with WebSense Web Security Suite software, which you install on a server that you supply. While the Web Security Suite can use MySQL or the limited but free Microsoft SQL Server Database Engine as a repository for the malware-related events that it stores, CP Secure recommends that companies with large networks license and use Microsoft SQL Server. The Web Security Suite server helps the CSG 1500 appliance by supplying it with WebSense’s malware signature, URL and IP address identities. The CSG device incorporates two malware-detection engines, Kaspersky’s engine and CP Secure’s own engine.

The CSG 1500 and Web Security Suite also thwarted the IM-borne malware in our tests. CP Secure says it will add SNMP support to the CSG 1500 later this year.


ESoft's  ThreatWall  200  also  offers  options  to  counter  spam, 
viruses  and  phishing  attempts. 


ThreatWall  200  with  Gateway  Anti-Spyware  SoftPak 

ESoft’s ThreatWall 200 1U appliance stopped 67 of the test malware instances, and it imposed a latency of 18 msec to 25 msec as it forwarded nonexecutable Internet messages to clients. For executable files, the ThreatWall 200 needed 110 msec to 190 msec to analyze packets for potential malware. The device looks for definition updates automatically every 30 minutes, a frequency that can be changed to daily. The eSoft appliance blocked phone-home attempts, and unlike the other appliances, it scans FTP, SMTP and POP3 traffic in addition to HTTP as it looks for malware.

The ThreatWall 200 uses file signatures, URLs and IP addresses to recognize malware. For each spyware event, it records date, time, source IP address, destination IP address, spyware ID (name), network domain and type of malware. The ThreatWall 200 uses SNMP to integrate with a network management system.

In addition to the Anti-Spyware SoftPak, eSoft offers options for countering spam, viruses and phishing attempts. The SiteFilter option lets you directly control which URLs and IP addresses clients can or cannot access.


Trend Micro's IWSA 2500 is the hardware version of its gateway-based software.


Trend Micro InterScan Web Security Appliance 2500

For some time, Trend Micro has sold a gateway-based antimalware product in the form of software that is installed on a server. The InterScan Web Security Appliance (IWSA) 2500 is the hardware embodiment of that software product, enhanced to handle network traffic more quickly as it detects incoming malware. In our tests, the 1U IWSA 2500 parried 68 out of 70 instances. The device added a 16 msec to 25 msec latency for nonexecutable files, and it took 150 msec to 190 msec to investigate executable file packets for malware. Trend Micro updates malware definitions at least daily, and will distribute them multiple times per day during outbreaks. The update frequency is configurable by the user, and can be done every 30 minutes (default), hourly, daily, weekly or on demand.

The appliance identifies malware via signatures and a proprietary heuristics algorithm. It uses SNMP to integrate with network-management systems, and for each spyware event records date, time, spyware ID, spyware source, category, type of scan that detected the spyware, file name and destination (client) IP address.

The optional Damage Cleanup Services component, which installs on a Windows server, can automatically clean an infected desktop after the IWSA 2500 notes the presence of malware.


How we did it

Focusing on gateway products, we primarily looked for the ability to identify and block malware (such as keystroke loggers, browser hijackers, adware, rootkits, dialers, data miners and Trojans). We wanted a product to prevent malware from sending data from our network (such as phoning home), identify already infected clients, handle Skype- and instant message-borne malware as well as HTTP-borne malware, scan traffic quickly, receive frequent spyware-definition updates, integrate with a network-management system (such as OpenView) and produce helpful reports on infection attempts and traffic statistics.

We collected a suite of 70 malware samples, and vendors gave us some additional test samples. We moved the collected material to an isolated, quarantined network, which consisted of three subnets. Subnet 1 had 10 client machines with a variety of operating systems, including Windows NT, 98, 2000, ME, XP, Red Hat Linux and Macintosh OS X. Subnet 2 contained three Web servers (Microsoft Internet Information Server, Netscape Enterprise Server and Apache), three e-mail servers (Exchange, Notes and Sendmail), two file servers (Windows 2003 Advanced Server and NetWare) and two database servers (Oracle 8i and Microsoft SQL Server). Subnet 3, simulating the Internet, had Web, IM and Skype servers and clients containing the malware instances and sporting “bad guy” IP addresses and URLs. Systems on the first two subnets accessed the third subnet as if it were the real Internet.

To measure performance, we used two time-synchronized protocol analyzers on the Internet and local network sides of the gateway device and examined the resulting packet captures to know the time taken by a device to forward or discard each network message.

Each gateway product connected our simulated Internet to the other two subnets. Client and server machines started off in a pristine state for each test.

Our clients and servers attempted to download malware from the simulated Internet. We noted how well the products identified malware traffic and blocked attempts by the malware to send data back to the source. We gauged success or failure by examining each machine for malware after each test. We looked for running malware processes, new program files (EXE, DLL or OCX, possibly marked with the “Hidden” attribute) and directories as well as Registry and Start Menu changes.
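
The latency measurement described under How we did it (two time-synchronized captures, one on each side of the gateway) can be scripted as below. This is an added example, not the lab's own tooling; the record layout, addresses and timestamps are constructed, and it assumes the gateway forwards segments without rewriting addresses or sequence numbers.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    """One TCP segment as exported from a protocol analyzer (hypothetical layout)."""
    ts_us: int    # capture timestamp in microseconds; both analyzers share a clock
    src: str
    sport: int
    dst: str
    dport: int
    seq: int      # TCP sequence number
    length: int   # TCP payload length in bytes

    @property
    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)

    @property
    def key(self):
        # Identifies the same segment on both sides of the gateway
        # (assumes no address or sequence-number rewriting).
        return self.flow + (self.seq, self.length)


def match_captures(inet_side, lan_side):
    """Pair each Internet-side segment with its LAN-side copy.

    Returns (forwarded, discarded): forwarded is a list of (packet, latency_ms),
    discarded lists Internet-side segments that never appeared on the LAN side.
    """
    lan_index = defaultdict(list)
    for p in sorted(lan_side, key=lambda p: p.ts_us):
        lan_index[p.key].append(p)

    forwarded, discarded = [], []
    for p in sorted(inet_side, key=lambda p: p.ts_us):
        copies = lan_index.get(p.key, [])
        # Earliest LAN-side copy that is not older than the Internet-side sighting;
        # duplicates of the same segment are therefore paired in arrival order.
        hit = next((q for q in copies if q.ts_us >= p.ts_us), None)
        if hit is None:
            discarded.append(p)
        else:
            copies.remove(hit)
            forwarded.append((p, (hit.ts_us - p.ts_us) / 1000.0))
    return forwarded, discarded


def latency_ranges(forwarded, executable_flows):
    """Min/max forwarding latency in ms, split the way the results table reports it."""
    buckets = defaultdict(list)
    for pkt, ms in forwarded:
        kind = "executable" if pkt.flow in executable_flows else "nonexecutable"
        buckets[kind].append(ms)
    return {kind: (min(v), max(v)) for kind, v in buckets.items()}


# --- Constructed sample data (documentation addresses, made-up timings) ---
SERVER, CLIENT = "203.0.113.10", "192.168.1.20"

INET_CAPTURE = [
    Pkt(10_000_000, SERVER, 80, CLIENT, 40001, 1, 1460),     # HTML page
    Pkt(10_002_000, SERVER, 80, CLIENT, 40001, 1461, 1460),
    Pkt(11_000_000, SERVER, 80, CLIENT, 40002, 1, 1460),     # benign executable
    Pkt(11_001_000, SERVER, 80, CLIENT, 40002, 1461, 1460),
    Pkt(12_000_000, SERVER, 80, CLIENT, 40003, 1, 1460),     # sample the gateway drops
]
LAN_CAPTURE = [
    Pkt(10_018_000, SERVER, 80, CLIENT, 40001, 1, 1460),
    Pkt(10_027_000, SERVER, 80, CLIENT, 40001, 1461, 1460),
    Pkt(11_150_000, SERVER, 80, CLIENT, 40002, 1, 1460),
    Pkt(11_191_000, SERVER, 80, CLIENT, 40002, 1461, 1460),
]
# The tester knows which downloads carried executables.
EXECUTABLE_FLOWS = {(SERVER, 80, CLIENT, 40002)}


def run_sample():
    forwarded, discarded = match_captures(INET_CAPTURE, LAN_CAPTURE)
    return latency_ranges(forwarded, EXECUTABLE_FLOWS), discarded


if __name__ == "__main__":
    ranges, discarded = run_sample()
    for kind, (lo, hi) in sorted(ranges.items()):
        print(f"{kind}: {lo:.0f} ms to {hi:.0f} ms")
    print(f"discarded by gateway: {len(discarded)} segment(s)")
```
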

WebWasher  Secure  Anti-Malware 

We downloaded Secure Computing’s WebWasher Secure Anti-Malware software from the vendor’s Web site, the only gateway software tested, and installed it on a server. The software can thwart spam and viruses in addition to malware. WebWasher disposed of 67 out of 70 test malware instances. We installed WebWasher on a HP ProLiant DL360 dual-processor server and got a latency of 20 msec to 24 msec for non-executable files. For packets with executables in them, WebWasher latency ranged from 170 msec to 250 msec. Secure Computing says WebWasher can scale to handle greater volumes of Internet traffic according to the processor speed of the server it is installed on.

Malware-definition updates can happen hourly and the frequency of the software’s automatic polling for updates can be changed to specific times each day. WebWasher incorporates SNMP support for integration with a network-management system.

WebWasher knows malware by its file signature, URL, IP address, ActiveX Object ID or through heuristic analysis that looks for specific known exploits and malicious behavior within a computer program. For each event, the product records date, time, source IP address, source URL, destination IP address, spyware ID, file size and file type.

State  of  the  antimalware  market 

For all the tested products, documentation was comprehensive and clear. Installing each product essentially involved connecting it to our network and assigning an IP address.

All the products worked well in our tests. Because of its excellent accuracy rate and zero latency through the clever use of the TCP Reset command, as well as the central console which improves scalability, FaceTime edged out the formidable competition.

Using one of these gateways can prevent kudzu-like malware from infesting your network. The success rates and quick performance of these appliances led us to conclude that 2006 is the year the antimalware vendors have finally drawn even with the bad guys.

Nance runs Network Testing Labs and is the author of Introduction to Networking, 4th edition, and Client/Server LAN Programming. He can be reached at barryn@erols.com.


Lab  Alliance 


Nance is also a member of the Network World Lab Alliance, a cooperative of the premier testers in the network industry, each bringing to bear years of practical experience on every test. For more Lab Alliance information, including what it takes to become a partner, go to www.networkworld.com/alliance.


How  We  Did  It 


Digging deep into your net with VoIP analysis tools

BY ANTHONY MOSCO, ROBERT SMITHERS AND ROBERT TARPLEY, NETWORK WORLD LAB ALLIANCE

If you can’t see into the VoIP traffic on your network, then you don’t know whether it’s good or bad. To know whether voice quality or call connect issues are related to your VoIP IP/PBX system or are tied to underlying network issues, you’ll need to turn to the evolving class of network monitoring products called voice-over-IP analysis tools.

Since our last test of these tools, VATs have picked up more monitoring power and offer a deeper level of detail in their displays regarding the VoIP activity of your network. Degradation of your VoIP traffic can be monitored, investigated and resolved before users are aware of it.

In this year’s Clear Choice VAT test, six vendors accepted our invitation, submitting seven tools. The vendors included Apparent Networks, ClearSight Networks, Empirix, Fluke Networks, Touchstone Technologies and WildPackets.

All products were tested in Miercom’s lab using a detailed methodology to assess the tools in six categories (see “How we did it” at www.nwdocfinder.com/5221). The categories are configuration and deployment options, display and interface usability, traffic capture and real-time monitoring options (see story discussing the benefits of these data gathering methods at www.nwdocfinder.com/5222), diagnostics and trouble-shooting measures, and reporting capabilities and advanced features.

ClearSight’s Analyzer garnered the Network World Clear Choice Award for its second year in a row. It topped our charts because of exceptional diagnostic tools and its advanced navigation and display features. Fluke’s OptiView tool earned second place, showing strong in its real-time monitoring and reporting features. Here below is a product-by-product breakdown of how each tool fared when we plugged it in, turned it on and set it to watch our test network.

Apparent Networks' AppCritical

Apparent Networks’ AppCritical tool, an active-mode monitoring system, has an intuitive, linear interface that provides very efficient access to information.

Collecting information on network activity and reporting on these captured statistics is one of the product’s strengths. Based on applying a very small amount of traffic consisting of hybrid Internet Control Message Protocol (ICMP) style queries, it operates unobtrusively from a single installed location. In most instances a single site installation is sufficient to monitor the entire network. In some highly secured networks that limit ICMP activity, additional software probes called remote sequencers might be necessary to overcome restricted boundaries. They are installed on the remote hosts. With its unique architecture, this was far easier to deploy in an enterprise network compared with the other VAT products tested.

In our traffic-capture category — which assesses each product’s awareness of network conditions and VoIP endpoints — AppCritical leads the pack, because it was very strong in collecting the data necessary to identify certain network conditions (such as the loss of an IP WAN connection, call controller or gateway) that would affect VoIP applications. It also had a high degree of success in pinpointing the cause of degradation in call quality, and its expert-commentator-like interface helped diagnose network issues.

AppCritical has one of the best and highly developed help and analysis support interfaces we have tested. Reports and quality-assurance threshold alerts contain links to background information to assist in explaining the contents.

Where this product fell down was in its lack of real-time analysis tools.

ClearSight Networks' Analyzer

ClearSight offers both stand-alone and distributed versions of its Analyzer product. The distributed version allows for multiple sites to be simultaneously monitored, either individually or in aggregate, a condition that earned it high marks in the deployment category.

Analyzer’s interface is intuitive and unique, displaying more network activity in one place by default than any other product tested. In addition, it is designed for drilling down to greater detail, without opening multiple separate windows in a desktop-type interface. The tool’s default interface displays a summary graphic view of all active and nonactive protocol sessions on the network.

The VoIP protocols tracked by ClearSight include Session Initiation Protocol (SIP), Skinny Call Control Protocol (SCCP), H.323, Megaco, Media Gateway Control Protocol (MGCP), to name a few. Unknown protocols are displayed in a generic traffic category. The default navigation tabs include summary, detailed and combined-flow views.

Its reporting for monitoring and threshold responses is generally very good. We did have difficulty in detecting a duplex mismatch between sites at the router/switch level. That aside, Analyzer excelled in its ability to monitor our test network and was able to perform all the diagnostic tasks we required of it. What distinguished the performance of this product was its ability to provide the administrator with the top-level information and then to drill down into and fix a reported problem. For example, in a summary view, the RTP traffic report can be used to display the detail of the RTP stream, playback any captured file, codec and/or call quality detail without losing the visual or logical context of the tool navigation.

ClearSight Analyzer stands very strong on the scope of the audio and video codecs it can recognize and analyze, and also the ability to assess mean opinion scores (MOS) through generated, simulated traffic and by monitoring actual user traffic. In addition, ClearSight’s Real Time ladder-view with TCP/IP and application-anomaly detection makes it easy to make changes and see the effect of the change without recapturing and recomparing traffic.


Empirix's  Hammer  Call  Analyzer 

The  Hammer  Call  Analyzer  (HCA)  is  best  used  as  a  traffic 
capture  and  diagnostic  tool,  not  a  real-time  monitoring  one. 
Its  excels  at  detailing  captured  data  for  further  investigation. 
The  HCAs  mode  of  operation  is  passive  —  listening  to  traf¬ 
fic  rather  than  generating  packets  for  transmission  and  com¬ 
parison  itself. The  Call  Analyzer  has  the  ability  to  display  the 
actual  sound  waveform  for  both  sides  of  the  call,  allowing 
visual  analysis  of  problems  between  the  various  devices. 

The  HCA  provides  the  most  customizable,  detailed  level 
for  setting  up  triggers.  A  trigger  is  a  set  of  predetermined 
conditions  that  will  start  the  capture  of  session  data  auto¬ 
matically  Triggers  can  be  set  for  pre-  and  postevent  actions 
on  a  given  threshold  or  level  of  session  activity  The  fine 
degree  of  control  for  setting  up  triggers  gives  the  tool  a 
pseudomonitoring  capabilitysuch  as  continuous  real-time. 

The  HCA  offers  a  display  ofVoIP  sessions, which  serves  up 
an  effective  capture  view. The  user  can  correlate  and  visu¬ 
alize  call  flows  among  any  combination  of  the  following 
protocols:  SIR  Megaco,  MGCR  ISDN,  Signaling  System  7 
(TCAP  and  SCCP),  H.323, T.38  and  Simple  Traversal  of  User 
Datagram  Protocol.The  Call  Merge  capability  allows  you  to 
follow  the  flow  from  end  to  end. 

Empirix also offers an optional ISDN card, which gives
you a good look at your ISDN traffic, including such details
as call setup and teardown. Additionally, the ISDN card
allows the use of the Call Merge Map, which gives managers
the ability to associate calls that change in protocol, such
as a call that starts as ISDN, is converted to H.323 and then
back to ISDN. This is useful in a hybrid environment.

Empirix was a bit off in our reporting category because it
does not create preformatted reports of system activity as do
the other tools tested. What it does export are .csv and .txt
files, which are more like formatted data files than a report.

Fluke  Networks 

Fluke Networks submitted two products for testing, its
OptiView suite and the Visual UpTime Select tool, which
came with its recent acquisition of Visual Networks.

The OptiView product suite, as tested, consisted of the
Protocol Expert and the Link Analyzer. The Protocol Expert
is a software tool designed for use on lower-speed links
(10/100Mbps) using a laptop. Typically, the Protocol Expert
is deployed to capture and analyze VoIP traffic at the endpoint
location. The Link Analyzer tool is installed on the
main uplink or core server-farm link where aggregated
VoIP/data traffic traverses. Different network environments
can be accommodated easily by built-in connections for
the Link Analyzer, including 10/100Base-T, 1000Base-SX,
1000Base-LX and 1000Base-T.

| Product | Vendor | Price | Pros | Cons | Score |
| --- | --- | --- | --- | --- | --- |
| ClearSight Analyzer | ClearSight Networks, www.clearsightnet.com | $20,000 for all software and includes one year of updates. | Ease of use, intuitive layout, excellent navigation and drill down capabilities; top monitoring and threshold response reporting. | Little or indirect WAN status monitoring. | 4.3 |
| Fluke OptiView Protocol Expert and OptiView Link Analyzer | Fluke Networks, www.flukenetworks.com | From $9,500 for software; $20,000 for Gigabit-capacity probe appliance. | Acquisition/interface cards allow effective physical insertion into available network connection types; good reporting filter and template availability. | Although detailed, has limited structure in navigation and view. | 3.9 |
| Touchstone WinEyeQ | Touchstone Technologies, www.touchstoneinc.com | $21,600 for Software Professional version. | Strong capture-and-analysis tool with good real-time monitoring capabilities; easy ability to drill down to more detail with minimum navigation. | Limited historical reporting. | 3.75 |
| WildPackets OmniPeek Enterprise with VoIP | WildPackets, www.wildpackets.com | $26,490 for one console and five engines. | Ability to perform multiple captures with unique filter settings simultaneously with many and detailed filter options; excellent enumerated capture Peer Map display. | Displays are generally clear but static, not tailorable. | 3.75 |
| Fluke Visual UpTime Select VoIP Module | Fluke Networks, www.flukenetworks.com | $36,000. | Single point of management; rich assortment of monitoring options and reporting. | Limited capture-and-analysis capabilities. | 3.7 |
| Hammer Call Analyzer | Empirix, www.empirix.com | $24,975. | Excellent RTP capture and playback analysis; demonstrated support of both IP and ISDN. | Limited reporting of live traffic, limited report templates; limited alerting. | 3.7 |
| AppCritical | Apparent Networks, www.apparentnetworks.com | $50,000, includes predeployment assessment. | Ease of deployment, transparent to network boundaries; outstanding Reporting and Help system. | No live traffic capture capabilities; no live packet analysis. | 3.45 |

The Breakdown

| Category | ClearSight Analyzer | Fluke OptiView Protocol Expert and OptiView Link Analyzer | Touchstone WinEyeQ | WildPackets OmniPeek Enterprise with VoIP | Fluke Visual UpTime Select | Empirix Hammer Call Analyzer | Apparent AppCritical |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Configuration & deployment 20% | 4.5 | 3.5 | 4.0 | 3.5 | 4.0 | 4.0 | 3.5 |
| Display 10% | 4.5 | 3.5 | 3.5 | 4.0 | 4.0 | 3.5 | 3.5 |
| Traffic capture 10% | 3.5 | 3.5 | 4.0 | 4.0 | 2.5 | 3.5 | 4.5 |
| Real-time 10% | 4.0 | 4.5 | 3.0 | 3.5 | 3.0 | 3.5 | 0.5 |
| Diagnostics 20% | 5.0 | 4.0 | 4.0 | 4.0 | 4.0 | 4.0 | 4.5 |
| Reporting 20% | 3.5 | 4.5 | 3.5 | 3.5 | 4.0 | 3.0 | 3.5 |
| Advanced features 10% | 5.0 | 3.5 | 4.0 | 4.0 | 3.5 | 4.5 | 3.0 |
| Total score | 4.3 | 3.9 | 3.75 | 3.75 | 3.7 | 3.7 | 3.45 |

Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Subpar or not available

The OptiView suite stood out in our Real-Time Features
category in which we assessed the level of real-time session
detail that can be reported. OptiView has the ability to identify
key nodes in the network by address and role, IP endpoints,
call encryption recognition and the vocoder of a
specific call session.

As far as diagnostics are concerned, OptiView automatically
detects and identifies such network problems as loss
of a gateway controller or specific endpoint, and can detect
call-quality degradation in latency, packet loss and MOS
call-quality level. Fluke's Link Analyzer tool also features
escalating notification processes and customizable alarms
when the network reaches predefined conditions.

OptiView offers many preformatted reports of the VoIP
statistics collected and offers links to third-party reporting
tools like Crystal Reports.

Fluke's Visual UpTime Select is a traffic-analysis and
network-monitoring application capable of displaying real-time
activity. It requires software agents to be installed
at network-monitoring points to report VoIP traffic between
the monitored sites back to a central administrative console.
Overall, it has a strong inherent ability to report outages
and error conditions on the network.

Visual UpTime is able to detect and report the loss of a
WAN link, call controller or gateway with active alerts sent
to its service summary screen, as well as report degradation
in call-quality conditions (latency, jitter, packet loss).

The reporting capabilities are extensive, comprising a
large library of customizable template reports. One of these
template reports has basic statistical or metric fields, for all
or specific sites or IP ranges, but it can then be altered to
display just the information the administrator requires. Its
straightforward, simple interface is efficient in determining
and highlighting any issues with the network. This interface
also offered quite a bit of flexibility in filtering and sorting
the collected data.

Touchstone's  WinEyeQ 

TouchStone Technologies submitted the WinEyeQ
Professional tool for testing, but the company also offers
Lite and Probe editions, which scale to different levels of
concurrent sessions that can be monitored. In addition to
the SIP and H.323 focus it held last year, TouchStone has
added to its list of supported protocols. They are MGCP,
Megaco, HTTP, SMTP, POP3, FTP, real-time streaming protocol,
SNMP and Telnet. WinEyeQ also can capture video as
well as RTP streams.

Designed for monitoring only VoIP networks, WinEyeQ
provides the most efficient and direct product layout to
facilitate analyzing a VoIP environment. Using a tabbed layout
for navigation, one can progress left to right from high-level
network activity by category to tabs with more in-depth
information on active calls, registrations, recent
errors and user alerts, to name a few. Also new to WinEyeQ
is a command-line interface allowing for script execution.

WinEyeQ offers a unique real-time SIP device interface
that can contact, query and even control SIP device settings.
Called the Test Peering Fabric, this application can
send a message to SIP endpoints and query them for an
XML-formatted real-time status on the device, or pull down
a call-summary file containing 160 metrics (also in XML format)
at the completion of the call. This Test Peering Fabric lets an
administrator broadcast status requests to multiple endpoints
and change option settings for SIP devices so they can be
remotely controlled and reconfigured.

WildPackets'  OmniPeek 

WildPackets’ OmniPeek data-analysis tool provides an optional
module, Enhanced VoIP Option, to provide VoIP analysis.
OmniPeek has distributed capabilities that comprise software
probes installed on remote-network subnets that report back
to the main analysis engine.

OmniPeek’s strength lies in the deployment flexibility of its
data capture filters — the selection criteria for catching and
storing VoIP data for subsequent analysis — and the detailed
level of information they supply. OmniPeek has multiple options
for setting what data to capture and the VoIP conditions that
cause a preset capture to begin recording data. The precision
of the filters avoids the collection of a voluminous log that
could add time and overhead to the debugging process in the
VoIP environment. OmniPeek allows multiple unrelated captures
to execute simultaneously with different filters and initiation
conditions set on each.

One of OmniPeek’s best capture-and-analysis features is the
graphical Peer Map display. This shows a diagram of VoIP
sessions visually with both endpoints enumerated along with
visual representation depicting the relative percent of
network throughput used by each session over the span of the
capture. Hovering over objects in the Peer Map will generate
pop-up boxes with further statistics about the object.

A unique analysis feature for captured .wav files lets an
administrator replay the statistics of a captured call with the
replay of the call in the same screen. A captured call under
analysis can be examined step by step as the captured metrics
are synchronously displayed on the screen. If the jitter or
latency degrades in midcall, the replay can be stopped, in
snapshot fashion, and all associated metrics examined for
insight into the call and network environment.

OmniPeek did not show as strong in real-time monitor mode.
The amount of VoIP data available in real-time monitoring is
limited, because standard statistics such as packet counts,
network throughput percent and detected errors are available
only in summary aggregation by protocol. There are no
drill-down capabilities to further explore issues with
a particular device or IP address.

Conclusion 

There is a general trend in this class of product to increase
protocol coverage, redesign interfaces for improved visual
highlighting and navigability, and include advanced features to
quickly pinpoint and detail problem areas of VoIP activity
and call quality.

Consider with this improvement that there is no one right
or wrong way to implement a VAT. Most of the tools tested
here could measure up in your network depending on the level
of expertise required, the immediacy of problem resolution
needed, the desire for proactive call-quality management, and
the level of detailed capture data necessary.


Mosco is a test engineer, Smithers is CEO and Tarpley is
senior engineer at Miercom, an independent network testing
and consulting firm in central New Jersey. They can be reached
at amosco@miercom.com, rsmithers@miercom.com and
rtarpley@miercom.com.


MANAGEMENT CAREERS

■ CAREER DEVELOPMENT ■ PROJECT MANAGEMENT ■ BUSINESS JUSTIFICATION


Can you cut it as an IT consultant?

A  combination  of  personality,  motivation  and  skill  makes  for  success  in  this  field. 


BY  TIM  GREENE 


Perhaps that consultant whom your company
hired to implement a VoIP rollout has you wondering:
Could you break out of the safety of your
corporate IT job and succeed as a consultant yourself?


If you are pondering this question, you
need a reality check to determine
whether you are cut out to be a consultant.
Those who have made the transition
successfully say it is a job with challenges
that are quite a bit different from those
corporate IT professionals face and that
in some ways is more demanding than
corporate IT.

“Think about when you call a consultant,”
says Matt Olson, CEO of Ocean
Consulting in Portland, Ore. “You need to
be prepared to deal with everybody’s
worst problems. Either everybody else
failed, or their vendor or lead engineer is
tapped out, and they need someone else
to lay out a course of action.”

Consulting can present more challenges
than corporate IT, but it also holds the
potential for more rewards, according to
experts who have studied the field. IT professionals
can boost their careers with
stints as consultants, they say.

“A typical career path might be process
management in a corporate IT environment,
becoming the process owner, then
an internal consultant, leave to join a
consulting organization and come back
into corporate IT as a CIO,” says Laurie
Orlov, a Forrester Research analyst who
has studied IT careers.

Similarly, a corporate systems integrator
might be promoted to systems architect,
then leave the company to work for an
outsourcer and afterward return to a corporate
IT management job specializing in
vendor relations, says Sam Bright, another
Forrester analyst.

This pays off for the businesses that hire
former consultants to fill IT executive
slots, Orlov says. “A lot of CIOs who come
from consulting have more advanced IT
organizations that implement more of
what are considered industry best practices,”
she says.


There also is the potential to boost
income. “It’s like any career move out of
the standard, percentage-rate-increase
raise and into a different salary band just
by moving jobs,” Orlov says. “Plus, the
opportunity to participate in revenue-related
compensation can be very attractive
and something you don’t see as
much in corporate IT.” In other words, if
you do well, you get bonuses.

Other upsides of consulting for IT professionals
are increasing job skills
through varied assignments, the potential
for higher salaries as a consultant and on
returning to corporate IT, and the satisfaction
of being in the middle of significant
projects most of the time.

“It’s like drinking from a fire hose,” says
Chad Fetzer, a senior systems analyst with
Chicago IT consulting firm Agility. “It’s
more exciting than corporate IT. As a consultant
you feel more valuable, because
you were hired to fix a critical problem or
design a solution because you have a
specific expertise.”

Traits  it  takes 

Consulting isn’t for everybody, however.
Those who succeed need motivation, certain
personality traits and broad technical
skills.

“You have to be self-motivated,” Ocean
Consulting’s Olson says. Nobody comes
along to give you pep talks, and particularly
if you are running your own business,
you have to be able to withstand
rejection when a potential client chooses
someone else to do the job.

Consultants  need  self-confidence. “A  lot 
of  people  have  anxiety  doing  a  cold  call 
and  sitting  down  with  a  client,  but  there’s 
no  way  to  get  around  it,”  Olson  says. 

The key is to ask questions and guide
the decision-making process, he says.
“Half the time the person on the other
side doesn’t know exactly what they’re
looking for except a path to resolution of
their problem.”

Lance Candia, who runs Computer
Network Consulting in Indiana, recently
took a corporate IT job in a medical practice
for the security it provided. He says it
helps if you are born with the right personality,
but you may be able to make do
with the one you have.

He classifies himself as an introvert but
that didn’t work against him, because
back-slapping salesmanship is not a
requirement. “Some general managers or
vice presidents see [quieter personalities]
as pure, unadulterated honesty and
think maybe not dealing with a salesperson
is going to be a benefit,” he says.

Consultants also need to be quick studies
and grasp new technologies that may
come up on the job. “You have to have
the ability to learn on the fly and troubleshoot
on the fly,” Agility’s Fetzer says.

Forrester’s Orlov recommends that
prospective consultants brush up on their
speaking and writing skills, which are
essential to consulting. Clubs such as
Toastmasters International can help
develop skills and confidence in presenting
material orally, she says. Writing proposals
and seeking feedback can help
tune up writing.


Consulting considerations

Before leaving the relative security
of a corporate IT job for the world
of consulting, corporate IT experts
need to look within themselves and
answer these questions honestly:

• Is my family prepared to see me less often?

• Am I willing to put in longer hours and be on-call
most of the time?

• Can I work in a different environment every
day?

• Do I have the financial resources to tide me
over during lean times?

• Are my skills varied and up-to-date enough to
address consulting challenges?

• Do I have the interpersonal skills to represent
myself and my consultancy successfully?

• Can I rebound from rejection if I don't land a
consulting customer?

• Do I have the ability to learn quickly what I
need to know to handle network challenges
I've never faced before?

Such basics as being well-groomed are
also key to making a good impression,
Orlov says. “You will be dressed up and
ready to meet clients,” she says.

Consultants  who  go  out  on  their  own 
instead  of  working  for  large  consulting 
operations  need  to  worry  about  finances, 
because  consulting  jobs  come  in  waves, 
and  there  can  be  downtimes  for  income. 
Computer  Networks’  Candia  says  he  was 
able  to  start  out  in  consulting  because  his 
wife  could  backstop  the  family  finances. 

“I  have  a  wife  with  a  good  career,  and 
even  if  I  fell  on  my  face,  she  could  keep 
paying  the  bills  until  something  good 
happened,”  he  says. 

That ebb and flow of business introduces
other tasks for the entrepreneurial
consultant: If business is good, it may
become necessary to hire more consultants
to help out, so the consultant has to
be a boss, too. And the more business a
consultant gets, the greater the number of
people who want to tell him what to do.
“If you have 50 clients, you have 50 bosses,”
Candia says.

Fetzer says the most important thing a
consultant needs is a family that backs
his career, with its long hours and uncertain
pay. “It can have a big hit on your performance
if you’re thinking that if you’re
not home at a certain time, your wife will
be mad,” he says. “If your family is happy,
you perform a lot better.”

Potential consultants also need to evaluate
their technical knowledge and
brush up in areas where the demand is
high but their experience is weak. “If
you’ve been in corporate IT for a while,
you may need to go down to the basement,
dust off your lab and work with
the new stuff,” Fetzer says.

Ten years ago during the high-tech
boom, the expertise of consultants was
not so much an issue because demand
for them was so high, Candia says. Today,
however, there is no substitute for having
broad knowledge and skills. “This is not
the ’90s anymore,” he says.
AAA East Central Advances Troubleshooting with Observer


Although  advanced  network 
troubleshooting  tools  are  readily 
available,  many  IT  professionals 
continue  to  take  the  old  "trial  and 
error"  approach  to  solve  problems. 
This  is  bad  for  users,  customers,  and 
the  bottom  line.  The  American 
Automobile  Association  (AAA)  East 
Central  shows  how  following  a 
proven  troubleshooting  methodology 
translates  into  cost  savings  (and 
happier  users  and  customers). 

To  get  better  coverage  for  the  entire 
network  and  still  stay  within  budget, 
AAA  East  Central  CIO  Portia  Ulinski 
deployed  Network  Instruments' 
Observer®  Suite  along  with  60  probes 
across  the  entire  network  infrastructure. 

"We  realized  how  important 
it  was  to  monitor  all  network 
communication  at  the  time  destructive 
viruses  such  as  sobig  and  mydoom 
were  hitting  companies  around  the 
world,"  Ulinski  said.  "With  Observer, 
we  can  see  problems  as  they  emerge 
and eliminate them before they
have a chance to affect the network."

Knowing  what  device  is  causing  an 
unusual  amount  of  activity  can  be  the 
key  factor  in  resolving  a  situation. 


Observer's  Top  Talkers  feature  shows 
the  current  activity  for  every  device  on 
the  network  in  real  time. 

"We  consistently  use  Top  Talkers  to 
track  the  total  amount  of  stats  for  each 
office  to  see  if  there  is  any  unusual 
activity,"  said  Coleman  Jennings, 
senior  network  engineer.  "It's  a  big 
problem  when  a  device  other  than 
servers,  routers  or  anyone  in  the  IT 
department  ranks  high  on  Top  Talkers." 

There could be a number of reasons
someone tops the list. In one case,
Jennings identified an end user
transferring a large number of files to a
server. He investigated further and
discovered that an employee was
backing an entire hard drive to
that server.

Portia Ulinski, CIO, AAA

"Through  Top  Talkers  I  was  able  to 
track  down  the  person  who  was 
transferring all that data," Jennings said.
"Had  I  not  stopped  that  person,  all  the 
activity  would  have  overloaded 
the  system." 

On  another  day,  an  application 
responsible  for  providing  Emergency 
Road Service stalled. Without that
application, services get delayed,
which  can  leave  customers  stranded  at 
the  roadside  for  an  extended  period 
waiting  for  help.  Jennings  drilled  down 
with  Observer's  Connection  Dynamics 
for  a  packet-by-packet  display  of  the 
application's  communication  with 
each  client. 

"The  time  analysis  clearly  showed 
there  was  a  problem  with  the 
application,  which  I  was  able 
to immediately address, restoring
full  service  to  our  customers," 
Jennings  said. 

Observer  monitors  network 
communication  around  the  clock  to 
ensure  that  AAA  East  Central 
constantly  receives  the  information 
resources  needed. 

"Observer  is  like  having  an 
employee  on  site  at  all  hours  to 
manage  the  network,"  Ulinski  said. 
"We've  been  very  satisfied  with  its 
capabilities.  So  far  Observer  has 
prevented  us  from  experiencing  any 
downtime." 




Observer is the only fully distributed network analyzer built to monitor the entire network (LAN, 802.11 a/b/g, Gigabit, WAN).
Download  a  free  Observer  11  demonstration  today.  Visit  www.networkinstruments.com/analyze  to  learn  more. 

US  &  Canada  toll  free  800-526-5958  fax  952-358-3801  UK  &  Europe  +44(0)1959  569880 
© 2005 Network Instruments, LLC. All rights reserved. Network Instruments, Observer, and all associated logos are trademarks or registered trademarks of Network Instruments, LLC.


Let  the  Model  135 
Monitor  Your  Site 


The Model 135 Site Monitor is designed to serve as your
"resource kit" for monitoring and maintaining computer,
communications, and specialized equipment locations.

With a wide range of built-in capabilities, it’s easy to tailor
a powerful site-specific solution.

Highlights include 10/100 Ethernet and analog modem
connectivity, serial port access and text data "matching,"
AC and DC voltage monitoring, ping testing, and contact
closure inputs and outputs. And the web-based interface
makes setup and use a straightforward process.

For  complete  details  on  the  Model  135,  give  us  a  call  or 
visit  www.gkinc.com/cn/ 


Gordon  Kapes,  Inc. 

Skokie,  IL  USA  |  Ph  847-676-1750  |  www.gkinc.com/cn/ 


The [...] Variable Speed Fan
Controller is a dream come true.


•  Eliminate  unnecessary  fan  noise 

•  Automated  maintenance  of  optimal  cabinet  temperature 

•  Web  accessible  remote  monitoring  &  maintenance 

•  Dual  A/C  input  -  auto  switching  in  the  event  of  power  failure 

• Immediate notification alarms via SNMP trap, e-mail and/or
audible buzzer

www.racsense.com 
Net Buzz

continued  from  page  66 

couldn't  give  up  use  of  the  Web. 
Information  that  used  to  take 
days,  weeks,  months  or  even 
years  to  uncover  can  now  be 
discovered  in  a  few  minutes. 
Patching my computer or getting
the latest drivers now takes
just a few minutes, while the
same task would have taken
days or weeks in the past (if it
was possible at all). Getting rid
of e-mail would just send us
back to a simpler time, when
interpersonal skills were necessary
to survive. Doing without
the  Web  would  simply  be  a 
return  to  the  Stone  Age  —  give 
me  a  stone  tablet  and  chisel.” 

Howard  Stewart  also  would 
give  up  e-mail,  but  adds:  "I  have 
a  question.  What  happens  to  all 
the  spam  I  get  now?  Would  it 
build up in a spam queue somewhere
until it reached a critical
level  where  it  would  explode  in  a 
giant  spam  mushroom  cloud  and 
inundate  all  the  computers 
worldwide?  I  would  hate  to  be 
the  cause  of  such  a  disaster  but 
I  couldn’t  work  the  way  I  do 
without  the  Web.” 

Fear  not,  for  we  have  alerted 
Homeland  Security. 

John Huie wants to split the
baby: "At work? . . . Gotta have
my e-mail. . . . At home? . . .
Gotta have my Web.”

As  mentioned,  some  members 
of  the  Brigade  did  back  flips  to 
avoid  having  to  choose. 

"No  way,  dude.  Can't  do  it.  I’d 
get  the  DT's  really  fast  and  have 
to be carried away in an ambulance.
The ER would have to
bring  out  a  laptop  with  wireless 
so  I  could  get  my  e-mail  fix  and 
do  a  little  surfing,"  laments  Ken 
Diliberto.  "I  don’t  know  that  I 
could  give  up  either." 

After more hemming and hawing,
however, Diliberto says he
would  “probably  give  up  e-mail," 
before  adding,  “enough  of  this 
suffering.” 

And  finally,  we’ll  end  with  a 
fellow  who  chose  Door  No.  3. 

“That  is  quite  a  choice,”  says 
Keith  Rosenberg.  “Being  an  IT 
geek,  both  are  critical  to  my  job 
and  I  really  cannot  do  without 
either. ...  So  I  would  get  rid  of 
both  and  get  a  job  as  a  vacation 
tester!” 

There’s  always  room  for  another 
point  of  view.  The  address  is 
buzz@nww.com. 


Sam  Houston 

continued  from  page  1 

In the Cisco model, each phone
attached to the CallManager required
a separate annual licensing
fee to operate, Daniel said. In
SHSU’s  Asterisk/Cisco  model, 
where  it  will  keep  its  existing 
Cisco  phones  but  attach  them  to 
Asterisk  servers  on  the  back  end, 
the  phone  licensing  costs  are 
eliminated. 

SHSU has moved 1,600 IP
phones from CallManagers to
Asterisk, which runs the IETF-standard
version of Session Initiation
Protocol (SIP). The Asterisk functions
are spread across six redundant
Dell servers: two act as
redundant PSTN gateways (and
are outfitted with four-port T-1
cards from Digium, which commercially
distributes Asterisk);
two handle call processing; and
another set provides voice mail.

The  Cisco  7940  and  7960  IP 
phones  the  school  had  deployed 
were  updated  with  a  standard  SIP 
software image replacing the proprietary
Cisco Skinny Call Control
Protocol, which was used to connect
the phones to the CallManagers.
When the phones were
upgraded  with  the  SIP  image  “all 
we  had  to  do  was  reboot  the 
phones,”  in  order  to  register  them 
with  the  Asterisk  server,  he  said. 

More  control  over  the  IP  PBX 
software  and  servers  was  another 
reason  SHSU  made  the  Asterisk 
jump,  Daniel  said.  Because  only 
Cisco-approved  server  updates 
and  patches  could  be  installed  on 
the  Windows  Server  2000-based 
CallManagers,  “we  felt  we  were 
more  susceptible  to  hacks,”  he 
said.  “We  have  a  lot  more  peace  of 
mind with the open source system.
If a bad exploit is found in
SIP we can fix it ourselves.”

Besides  the  phones,  Cisco  gear 
still  comprises  a  large  chunk  of 
the  IP  telephony  infrastructure  at 
SHSU. The entire WAN and LAN is
based on Cisco routers and
switches. The Catalyst switches
already installed support Power
over Ethernet (for powering IP
phones) as well as QoS for voice
traffic. All voice traffic runs separate
from data traffic in its own virtual
LAN segment. Additionally,
Cisco  VGC  24  gateway  devices, 
which  can  connect  as  many  as  24 
copper/analog  phones  to  a  VoIP 
network,  are  used  in  dormitories 
and  areas  where  just  a  basic 
phone  is  needed  instead  of  a 
more  costly  IP  handset. 


Big  VoIP  on  campus 

Sam  Houston  State  University  is  migrating  its  phone  network  off  of  a  Nortel  PBX  and  a  Cisco 
IP  PBX  onto  the  open  source  Asterisk  VoIP  platform. 
• Redundant Asterisk servers handle call processing, public switched telephone network gateway and voice mail services in
the data center.

• Campus buildings are connected to the backbone via fiber. Cisco PoE switches support IP phones connected to Asterisk and
Cisco voice servers.

• Analog phones connect via a Cisco VoIP/analog gateway, while dedicated copper lines support the legacy Nortel handsets.


SHSU has been able to operate
the Asterisk/Cisco IP phones at
one-third the cost of CallManager/Cisco
IP phones, Daniel
said. When the digital Nortel
handsets are migrated to SIP-based
Cisco phones, or analog
sets, another large chunk of savings
will come by shutting down
the electrical and cooling
resources required to keep the
old PBX running. “The Meridian
takes up an awful lot of power.
The room it’s in has to be cooled
to 60 degrees, and it has to have its
own generator,” he said.

While  Asterisk  and  SIP  lack 
some  of  the  features  on  the  Cisco 
CallManager,  SHSU  has  handled 
the  transition  with  few  glitches. 
The  only  major  feature  missing  in 
the  Asterisk/Cisco  phone  network 
is  secretarial  functions,  which  let 
an  administrator  manage  and 
answer phone extensions for multiple
users. To fix this, Daniel is
looking  into  extensions  to  SIP  that 
enable  multiple-line  handling. 

In another potential issue with
open source VoIP, SHSU loses the
technical support from Cisco with
its Asterisk migration. But Daniel
said he has been able to keep up
with support issues through mailing
lists and the online community
that supports Asterisk. Dell provides
support on the server hardware,
and Digium supports the T-1
cards installed in the boxes.

“We try to have checks and balances,”
among the IT staff that supports
the Asterisk system, Daniel
said. “We try to keep [the Linux
and Asterisk server images] as
pristine as possible.” Daniel also
has created copious documentation
on all the Asterisk configurations
and changes he’s made to
the software. “If someone were to
have to come in and take over my
job, they’d have a pretty quick
turnaround on learning what
needs to be done,” he said. ■
BACKSPIN


Mark  Gibbs 


I just received yet another
unasked for newsletter
by e-mail. It was from a
company that has a product
I think is pretty good
and the newsletter started with the following spiel from
the vice president of marketing:

“Welcome to our fall issue of [newsletter name]. We
hope you enjoyed every moment of summer as it swept
by. On my morning run last week, I felt the crisp air and
was reminded that fall is well on its way.
As always, with a change of seasons comes fresh beginnings.
As the school year starts, some of the excitement of
a new year still rubs off on us as adults. So when the
leaves turn and the temperatures fall, we sometimes feel
that we have a fresh start in our worlds.

[Company name] is excited to present a fresh perspective
on [product name]. In this issue of [newsletter
name], we will talk about the new option for purchasing
[product name] — as a hosted solution.”

I quote all of this because it illustrates the kind of
newsletter that companies like subscribing me to without
asking. I am totally pissed off with these involuntary subscriptions!
It’s bad enough to get more gunge in my inbox,
but when that gunge is irritating . . . well, it makes you
want to hurt someone.


$#&*  your  newsletter! 



These newsletters almost never contain anything of
value. They are almost always smug, chatty, self-congratulatory,
irrelevant and boring, boring, boring.

Even more aggravating are the newsletters that include,
as this one did, explanations such as, “When you subscribe
to the [newsletter name], you can be assured that your e-mail
address will not be sold to third parties by [company
name].” Isn’t that nice of them?

To add insult to their stupidity, the swines make me send
a reply to them or follow some link to get off their lists.

I have had it. The following memo is to all the companies
that decide to subscribe me to their newsletters:

Dear  Whoever  Subscribed  Me, 

You  people  must  be  daft.  I  just  received  your  latest 
newsletter  and  the  most  obvious  message  in  it  is  that  you 
are  idiots.  You  talk  about  my  subscription,  but  the  problem 
is  I  didn’t  subscribe  —  you  did  it  to  me.  Without  asking. 

So, for the third or fourth time today I have to follow a
link to some site to unsubscribe to yet another lame, useless
newsletter I couldn’t give a dang about.

We all know that you want to get some kind of communication
going with your existing and potential customers
and we all understand that that is a tough thing to do. The
problem is that unless your product runs our pacemakers
or protects us from avian flu or meteor strikes we don’t
care. Really. We don’t.


Do  you  think  that  given  the  gazillion  news  sources  we 
have  at  our  disposal  and  the  hundreds  of  products  and 
scores  of  systems  we  deal  with,  not  to  mention  actually 
having  lives  outside  of  the  computer  world,  the  drivel  in 
your  newsletter  is  actually  useful? 

You  are  just  making  yourselves  part  of  the  irritating 
background  noise  of  the  ’Net,  degrading  the  value  of  our 
e-mail  and  annoying  us  to  no  end. 

You  want  to  build  lines  of  communication?  Build  them 
into  your  products.  If  we’re  using  your  products  make  sure 
that  they  inform  us  (in  a  non-irritating  way)  that  new 
upgrades  and  services  are  available. 

If that isn’t enough, send us an announcement by e-mail,
but  only  when  you  really  have  to.  But  please,  don’t  send  us 
your  thoughts  on  your  exercise  schedule,  the  weather,  or 
your  wishy-washy  sentiments  about  getting  old.  We  get  old 
just  reading  your  drivel. 

Take these comments to heart. Think carefully about
how  and  why  you  communicate  and  what  the  value  is  to 
us.  And  if  you  continue  to  send  me  your  newsletters,  pray 
that  you  don’t  live  near  me  or  in  a  town  that  I  might  visit. 

Yours, 

Mark  Gibbs 

Do you subscribe to my anger? Tell me at backspin@gibbs.com
or on Gibbs blog.




News,  insights  and  oddities 


Hypothetical  death  match:  E-mail  vs.  Web 


Paul  McNamara 


You  must  give  up  one  or  the  other  —  just  play  along 
with  me  now  —  so  how  do  you  intend  to  work  and  live 
the  rest  of  your  life? 

Without  the  use  of  e-mail?  Or  without  access  to  the  Web? 

Both  will  continue  to  exist;  that's  important  to  consider.  And  only  you  will  be  giving 
up one or the other. Not your friends, family, business associates or competitors. This
is  an  academic  exercise  so  there  will  be  no  cheating  allowed.  No  instant  messaging, 
text  messaging  or  Web  mail  to  substitute  for  e-mail.  And  no  borrowing  someone  else’s 
browser  or  hiring  a  personal  valet  to  do  your  surfing. 

Which  one  are  you  going  to  give  up  —  and  why? 

Me?  I’m  giving  up  e-mail.  My  job  would  be  unimaginably  difficult  without  e-mail,  but 
near  impossible  without  access  to  the  Web.  Most  of  the  communicating  I  do  by  e-mail 
could  conceivably  be  accomplished  by  telephone  (and  what  are  those  silly  envelopes 
with  stamps  called  again?).  But  I  don't  see  any  way  to  do  my  job  without  the  Web,  even 
though  I’m  old  enough  to  have  done  it  back  when  dinosaurs  roamed  the  Earth. 

Last  week  I  put  this  unpleasant  choice  to  the  members  of  my  e-mail  list,  the  Buzzblog 
Brigade,  and  as  you  might  expect,  the  Web  pretty  much  kicked  e-mail's  backside  — 
even  though  a  sturdy  minority  put  up  a  stirring  defense  of  their  in-boxes.  No  surprise 
there.  What  was  surprising,  however,  was  the  number  of  respondents  who  cited  the 
potential  benefits  of  losing  their  e-mail  privileges  and  the  smaller  subset  that  couldn't 
bring themselves to choose; it was almost as if they feared I had the power to actually
take  away  their  toys. 

What follows are excerpts from some of the better replies and you can read a whole
bunch more online at www.nwdocfinder.com/5111. Let’s start with the minority point of
view. Perhaps my favorite defense of e-mail comes from George Grenley, whose rationale
will tug at the heartstrings of all but the most jaded:

"My  first  thought  was  the  same  as  yours;  I’d  give  up  e-mail,"  Grenley  writes.  "I  could 
use stamps, after all. But I probably wouldn't. Truth is, I never wrote letters in the
pen-and-ink days, not even to dear old Mom very often. E-mail has made me a better person;
I keep in touch with old friends, as we all should.”

“Give up the Web? It’s great for shopping; I never go in stores anymore," he continues.
"Amazon alone is a pretty good reason to have the Web. And the Web is great for
scratching  that  intellectual  itch.  I  settled  a  bet  on  the  bone  structure  of  monkeys  once, 
thanks  to  Google  and  the  Web.  But  in  the  pre-Web  days  I  was  an  inveterate  collector  of 
catalogs,  and  so  I  managed  to  get  much  of  what  I  needed,  or  at  least  decided  I  wanted, 
via  catalogs  and  1-800  ordering.  I  could  get  by  with  that  again,  if  I  had  to." 

“So,  gimme  e-mail,  and  take  the  Web.  Mom  will  appreciate  it." 

Mark  Loosli  offers  a  more  hardheaded  defense  of  waving  so  long  to  the  Web. 

“Unlike you, I would give up Web access,” he writes. "I work for a leasing company
and do much of my financial and equipment research on the Web, so it would be difficult
without it. But there are a number of avenues for the type of research I do. When it
comes to e-mail, it has become much more than a true communications tool. By scanning
documents I can send and receive contracts, financial reports, equipment audits,
etc., that in the past were sent by overnight or by fax in a less timely and more expensive
fashion.”

The  cost-benefit  analysis  works  out  quite  differently  for  most,  however. 

“Web?  E-mail?  Web?  E-mail?  Sorry  e-mail,  you're  toast,”  writes  Bill  Davies.  "I  would 
miss  the  convenience  of  instant  contact  around  the  world  but  there  are  alternatives 
and the operative word there is ‘convenience’. The activities that I do on the Web
could  not  in  many  cases  be  done  in  any  other  way.” 

Practicality  was  a  theme  repeated  throughout  the  missives  from  those  who  say 
they  just  couldn’t  get  by  without  a  browser. 

"This  is  an  easy  one  —  I'd  give  up  e-mail  in  a  heartbeat,"  writes  Bill  Dotson.  “It 
would be a little difficult at first, but maybe the world would be a slightly better
place if we were required to have actual, personal interactions now and then. . . . But I
_DAY 15: Our network's too complex to manage. We're
not proactive at all; we’re just reacting. Help!

_Gil brought in a crystal ball. Says he can now peer
into the future of our infrastructure.


_DAY  17:  I  see  a  better  way:  IBM  Tivoli  middleware. 
It  gives  us  a  holistic  view  of  the  infrastructure  and 
analyzes  the  relationship  between  apps,  systems  and 
networks.  Fixes  problems  proactively  for  more  uptime 
and  more  storage  availability.  Plus,  it’s  open, 
modular  and  scalable. 


Gil  says  he  saw  all  that  too  but  forgot  to  tell  us 
_DAY 18: Everything is frozen. It’s our processes.
They’re  inflexible.  We  can’t  respond  to  change. 

_Why  did  we  lock  ourselves  in  like  this?  Brrrr. 

_DAY  19:  A  way  out.  IBM  WebSphere  middleware  for 
Business  Process  Management.  It  lets  us  streamline 
business  tasks.  We  can  test  our  processes  before  we 
roll  them  out  and  monitor  performance  once  they’re 
deployed,  and  reuse  is  easy  because  it’s  based  on  a 
service  oriented  architecture. 


_Everything’s unfrozen now. Wow, it’s good to feel
my  toes  again. 